CVE-2024-8585

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Sep 9, 2024
Updated: Sep 11, 2024
CWE ID 22

Summary

CVE-2024-8585 affects Orca HCM from LEARNING DIGITA, where improper restriction of a file download parameter allows remote attackers to download arbitrary system files with low privileges. This vulnerability poses a high confidentiality impact, as it could lead to unauthorized access to sensitive information. The exploitability score is rated at 2.8, with a base severity classified as medium and a CVSS base score of 6.5. Organizations using affected products should implement appropriate security measures, such as restricting file access permissions and applying patches provided by the vendor. Without remediation, this vulnerability exposes systems to potential data breaches and loss of confidential information.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share