Vulnerabilities > CVE-2021-35965 - Insecure Default Initialization of Resource vulnerability in Learningdigital Orca HCM

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

learningdigital

CWE-1188

critical

NVD

Published: 2021-07-19

Updated: 2022-10-27

Summary

The Orca HCM digital learning platform uses a weak factory default administrator password, which is hard-coded in the source code of the webpage in plain text, thus remote attackers can obtain administrator’s privilege without logging in.

Vulnerable Configurations

Part	Description	Count
Application	Learningdigital Learningdigital Orca HCM *	1

Common Weakness Enumeration (CWE)

CWE-1188 - Insecure Default Initialization of Resource

References

https://www.twcert.org.tw/tw/cp-132-4925-86733-1.html
https://www.chtsecurity.com/news/ba7b3ae7-14f3-4970-b3f6-4d97d8c7ea25