CVE-2024-8584

Summary

CVE-2024-8584 is a critical vulnerability affecting Orca HCM from LEARNING DIGITAL, which fails to properly restrict access to certain functionalities. This security flaw allows an unauthenticated remote attacker to exploit the system and create an account with administrator privileges, enabling unauthorized access to sensitive data and functionalities. The CVSS score for this vulnerability is 9.8, indicating a high level of risk due to significant potential impacts on confidentiality, integrity, and availability. The vendor is working on a fix for this issue, and organizations using the affected products should monitor updates and apply patches once they are available. Immediate remediation steps include restricting access to the affected functionality until the vendor releases a comprehensive solution.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.