Lucene search
MitreCVELIST:CVE-2021-38147HistoryNov 29, 2021 - 7:42 a.m.
CVE-2021-38147
2021-11-2907:42:23
mitre
www.cve.org
5
wipro holmes orchestrator
remote access
file download
authentication bypass
sensitive information
EPSS
0.089
Percentile
94.7%
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.
Related
nvd
nvd
CVE-2021-38147
2021-11-29 08:15:07
prion
prion
Design/Logic Flaw
2021-11-29 08:15:00
cve
cve
CVE-2021-38147
2021-11-29 08:15:07
packetstorm
packetstorm
Wipro Holmes Orchestrator 20.4.1 Report Disclosure
2021-11-22 00:00:00
nuclei
nuclei
Wipro Holmes Orchestrator 20.4.1 - Information Disclosure
2024-06-07 14:17:05
cnvd
cnvd
Wipro Holmes Orchestrator Access Control Error Vulnerability
2021-11-24 00:00:00
zdt
zdt
Wipro Holmes Orchestrator 20.4.1 Report Disclosure Vulnerability
2021-11-22 00:00:00