CVE-2021-38147 Information
Jun 07, 2022
cve
Description
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files such as reports containing sensitive information because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel processexecution/DownloadExcelFile/User_Report_Excel processexecution/DownloadExcelFile/Process_Report_Excel processexecution/DownloadExcelFile/Infrastructure_Report_Excel or processexecution/DownloadExcelFile/Resolver_Report_Excel.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
http://packetstormsecurity.com/files/165039/Wipro-Holmes-Orchestrator-20.4.1-Report-Disclosure.html https://www.wipro.com/holmes/
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
7.5
Share on: