CVE-2021-35966

Sažetak

The specific function of the Orca HCM digital learning platform does not filter input parameters properly, which causing the URL can be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks.

Reference

https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25
https://www.twcert.org.tw/tw/cp-132-4926-dc06b-1.html

CVSS

Base:	5.8
Impact:	4.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

28-07-2021 - 12:48

Objavljeno

19-07-2021 - 12:15