Open Redirect in Learningdigital Orca_hcm

CVE-2021-35966

A specific function of the Orca HCM digital learning platform does not properly filter input parameters, which allows the URL to be redirected to any website. Remote attackers can use the vulnerability to carry out phishing attacks.

Vulnerability class: Open Redirect

EPSS: 0.008 (52.6th percentile).

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2021-35966?
CVE-2021-35966 is a medium-severity vulnerability in Learningdigital Orca_hcm, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.1/10. Published 2021-07-19.

How severe is CVE-2021-35966?
Medium severity. CVSS v3 base score is 6.1 out of 10.