Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Holmes Security Vulnerabilities

cve
cve

CVE-2021-38146

The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.

7.5CVSS

7.4AI Score

0.123EPSS

2021-11-22 09:15 AM
26
cve
cve

CVE-2021-38147

Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/Do...

7.5CVSS

7.7AI Score

0.052EPSS

2021-11-29 08:15 AM
18
cve
cve

CVE-2021-38283

Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application log files containing sensitive information via a predictable /log URI.

7.5CVSS

7.1AI Score

0.013EPSS

2021-11-29 08:15 AM
21