Open Redirect in Learningdigital Orca_hcm
CVE-2021-35966
A specific function of the Orca HCM digital learning platform does not filter input parameters properly, which allows the URL to be redirected to any website. Remote attackers can use the vulnerability to execute phishing attacks.
Vulnerability class: Open Redirect
EPSS: 0.008 (52.6th percentile)
CVSS v3 metric
CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.
Affected products
- Learningdigital Orca_hcm
- Learningdigital.com, Inc. Orca Hcm — versions unspecified
Weakness classification (CWE)
References
- twcert@cert.org.tw (x_refsource_MISC, Not Applicable)
- twcert@cert.org.tw (Third Party Advisory, x_refsource_MISC)
Frequently asked questions
- What is CVE-2021-35966?
- CVE-2021-35966 is a medium-severity vulnerability in Learningdigital Orca_hcm, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.1/10. Published 2021-07-19.
- How severe is CVE-2021-35966?
- Medium severity. CVSS v3 base score is 6.1 out of 10.