CVE-2024-8584 CRITICAL

CVE-2024-8584: LEARNING DIGITAL Orca HCM - Missing Authentication

Vendor Learning Digital
Product Orca HCM
Weakness CWE-306 · Missing auth
Published September 9, 2024
Last update February 21, 2025

CVSS base score

9.8/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in.

Key dates

02Disclosure timeline

September 9, 2024 CVE published
February 21, 2025 Record updated