{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-15T12:33:13.717","vulnerabilities":[{"cve":{"id":"CVE-2024-8585","sourceIdentifier":"twcert@cert.org.tw","published":"2024-09-09T03:15:10.013","lastModified":"2024-09-11T15:53:35.693","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"Orca HCM from LEARNING DIGITA does not properly restrict a specific parameter of the file download functionality, allowing a remote attacker with regular privileges to download arbitrary system files."},{"lang":"es","value":"Orca HCM de LEARNING DIGITA no restringe adecuadamente un parámetro específico de la funcionalidad de descarga de archivos, lo que permite que un atacante remoto con privilegios regulares descargue archivos de sistema arbitrarios."}],"metrics":{"cvssMetricV31":[{"source":"twcert@cert.org.tw","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}]},"weaknesses":[{"source":"twcert@cert.org.tw","type":"Secondary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:learningdigital:orca_hcm:*:*:*:*:*:*:*:*","versionEndExcluding":"11.0","matchCriteriaId":"7C124B76-9742-4EC2-93D5-B34039A6159E"}]}]}],"references":[{"url":"https://www.twcert.org.tw/en/cp-139-8042-f9f26-2.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]},{"url":"https://www.twcert.org.tw/tw/cp-132-8041-dfbf9-1.html","source":"twcert@cert.org.tw","tags":["Third Party Advisory"]}]}}]}