{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-14T01:39:02.532","vulnerabilities":[{"cve":{"id":"CVE-2024-8584","sourceIdentifier":"twcert@cert.org.tw","published":"2024-09-09T03:15:09.723","lastModified":"2025-02-17T04:15:08.240","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Orca HCM from LEARNING DIGITAL has an Missing Authentication vulnerability, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in."},{"lang":"es","value":"Orca HCM de LEARNING DIGITAL no restringe adecuadamente el acceso a una funcionalidad específica, lo que permite que un atacante remoto no autenticado explote esta funcionalidad para crear una cuenta con privilegios de administrador y posteriormente usarla para iniciar sesión."}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-306"}]},{"source":"nvd@nist.gov","type":"Secondary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:learningdigital:orca_hcm:*:*:*:*:*:*:*:*","versionEndExcluding":"11.0","matchCriteriaId":"7C124B76-9742-4EC2-93D5-B34039A6159E"}]}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-8040-948ef-2.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-8039-24e48-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]}]}}]}