CVE-2021-35968

{"id": "CVE-2021-35968", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "authentication": "SINGLE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "twcert@cert.org.tw", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2021-07-19T12:15:08.727", "references": [{"url": "https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25", "tags": ["Not Applicable"], "source": "twcert@cert.org.tw"}, {"url": "https://www.twcert.org.tw/tw/cp-132-4928-7e87b-1.html", "tags": ["Third Party Advisory"], "source": "twcert@cert.org.tw"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "twcert@cert.org.tw", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "The directory list page parameter of the Orca HCM digital learning platform fails to filter special characters properly. Remote attackers can access the system directory thru Path Traversal with users\u2019 privileges."}, {"lang": "es", "value": "El par\u00e1metro directory list page de la plataforma de aprendizaje digital Orca HCM no filtra correctamente los caracteres especiales. Unos atacantes remotos pueden acceder al directorio del sistema a trav\u00e9s de Salto de Ruta con privilegios de usuario"}], "lastModified": "2021-07-29T13:52:29.287", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:learningdigital:orca_hcm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DD0FF13-4AF2-4BE9-AA93-428611BF30CE", "versionEndIncluding": "10.0"}], "operator": "OR"}]}], "sourceIdentifier": "twcert@cert.org.tw"}