PT-2024-39121 · Learning Digital · Orca HCM

Chunhao Yang · Published 2024-09-08 · Updated 2024-09-11

CVE-2024-8585 · CVSS v3.1 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Orca HCM from LEARNING DIGITAL, versions up to 10.x
Description: The file download handler takes a file-name parameter that is not restricted to the intended directory. A remote attacker with a regular (low-privilege) account can place path traversal sequences in this parameter and download arbitrary files from the underlying system. This matches the CVSS vector: reachable over the network, low attack complexity, authenticated, high confidentiality impact, no impact on integrity or availability. The number of potentially affected installations is not provided, and no real-world exploitation has been reported. The root cause is a path traversal weakness in the File Download Handler.
Recommendations: For Orca HCM from LEARNING DIGITAL versions up to 10.x: upgrade the affected component to a fixed release as soon as the vendor provides one. Until the upgrade is applied, restrict access to the file download functionality (for example, to trusted users or networks), avoid exposing the vulnerable file download parameter where it is not needed, and watch download requests for traversal sequences such as ".." or absolute paths in that parameter, since an authenticated insider is enough to trigger the issue.
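The description names the bug class but the advisory carries no code. The following is an added example, not code from Orca HCM, Learning Digital or this advisory: it shows the pattern behind the weakness (a download handler that joins a user-supplied name onto its base directory without restriction) beside a hardened resolver that checks containment on the fully resolved path, and a small scanner that flags traversal attempts in the download parameter of constructed access-log lines, which is the monitoring side of the workaround recommended above. `BASE_DIR`, the `file` parameter name, the `/download` path and the log lines are all assumptions made for the example.

```python
"""Added illustration, not code from Orca HCM or Learning Digital.
BASE_DIR, the 'file' parameter name, the /download path and the log lines
are assumptions constructed for the example."""
import os
import re
import tempfile
from urllib.parse import parse_qs, unquote, urlsplit

# Assumed directory the download handler is meant to serve from.
BASE_DIR = os.path.join(tempfile.gettempdir(), "orca_hcm_attachments_demo")


def vulnerable_resolve(base_dir, requested):
    """The bug class: the user-controlled name is joined onto base_dir with
    no restriction. '..' segments walk out of base_dir, and os.path.join
    discards base_dir entirely when `requested` is absolute."""
    return os.path.normpath(os.path.join(base_dir, requested))


def hardened_resolve(base_dir, requested):
    """Return the on-disk path if it stays inside base_dir, else None.

    The test is containment of the fully resolved path (realpath), so
    '..', absolute input, percent-encoded dots and symlinks pointing out of
    base_dir all fail the same check; no blacklist of '..' is needed."""
    if not requested or "\x00" in requested:
        return None
    # Decode once more in case the framework handed over the raw value.
    # Double encoding (%252e%252e) then yields a literal '%2e%2e' name,
    # which is harmless because the check is on the resolved path.
    requested = unquote(requested)
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # different drives on Windows
        inside = False
    if not inside or candidate == base:
        return None
    return candidate


# --- detection over access logs (combined log format assumed) -------------

REQUEST_RE = re.compile(r'^(\S+) \S+ (\S+) \[[^\]]*\] "(?:GET|POST) (\S+)')


def looks_like_traversal(value):
    """True if a once-decoded parameter value tries to leave the directory:
    a '..' segment, an absolute POSIX path, or a Windows drive path."""
    decoded = unquote(value).replace("\\", "/")  # second decode catches %25..
    if decoded.startswith("/") or re.match(r"^[A-Za-z]:/", decoded):
        return True
    return any(seg == ".." for seg in decoded.split("/"))


def find_traversal_attempts(log_lines, param="file"):
    """Scan log lines; return (client, user, value) for each request whose
    download parameter looks like a traversal attempt."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, user, url = m.groups()
        query = parse_qs(urlsplit(url).query, keep_blank_values=True)
        for value in query.get(param, []):  # parse_qs already decoded once
            if looks_like_traversal(value):
                hits.append((client, user, value))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '10.0.0.5 - alice [08/Sep/2024:10:00:01 +0800] "GET /download?file=payslip_2024-08.pdf HTTP/1.1" 200 48213',
    '10.0.0.9 - bob [08/Sep/2024:10:00:07 +0800] "GET /download?file=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1734',
    '10.0.0.9 - bob [08/Sep/2024:10:00:09 +0800] "GET /download?file=%252e%252e%252fweb.config HTTP/1.1" 404 0',
    '10.0.0.9 - bob [08/Sep/2024:10:00:12 +0800] "GET /download?file=/etc/shadow HTTP/1.1" 403 0',
    '10.0.0.7 - carol [08/Sep/2024:10:01:00 +0800] "GET /profile HTTP/1.1" 200 9921',
]

if __name__ == "__main__":
    print(vulnerable_resolve("/srv/hcm/files", "../../../etc/passwd"))
    print(hardened_resolve(BASE_DIR, "../../../etc/passwd"))
    for hit in find_traversal_attempts(SAMPLE_LOG):
        print(hit)
```

Two points worth keeping in mind when applying this pattern: the containment check runs on `realpath`, so a symlink inside the attachment directory that points elsewhere is rejected as well, and a real handler should still confirm the result is a regular file before streaming it. The log scanner only inspects the assumed parameter; if the product passes the file name in a different field or in a POST body, the parsing step has to change accordingly.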

Fix

Weakness Enumeration

Path traversal (CWE-22)

Related Identifiers

CVE-2024-8585

Affected Products

Orca HCM