CVE-2024-8584

Orca HCM from LEARNING DIGITAL does not properly restrict access to a specific functionality, allowing unauthenticated remote attacker to exploit this functionality to create an account with administrator privilege and subsequently use it to log in. ( The vendor is currently addressing the vulnerability. Once the fix is completed, we will provide information on the affected versions.)

More information : https://www.twcert.org.tw/en/cp-139-8040-948ef-2.html