32 matches found
Wipro Holmes Orchestrator 20.4.1 - Information Disclosure
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...
EUVD-2021-24741
Malware in sbrugna...
CVE-2021-38146
The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...
CVE-2021-38147
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...
CVE-2021-38283
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read application log files containing sensitive information via a predictable /log URI...
Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Exploit
Exploit Title: Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: Wipro Holmes Orchestrator v20.4.1 Tested on: Windows CVE : CVE-2021-38283 import requests as rq import argparse import datetime...
Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure
Exploit Title: Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Date: 09/08/2021 Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: Wipro Holmes Orchestrator v20.4.1 Tested on: Windows CVE : CVE-2021-38283 import requests as rq import argparse...
CVE-2021-38147
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...
CVE-2021-38147
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...
CVE-2021-38283
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read application log files containing sensitive information via a predictable /log URI...
CVE-2021-38283
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read application log files containing sensitive information via a predictable /log URI...
Design/Logic Flaw
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read application log files containing sensitive information via a predictable /log URI...
Design/Logic Flaw
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...
CVE-2021-38283
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read application log files containing sensitive information via a predictable /log URI...
CVE-2021-38283
CVE-2021-38283 affects Wipro Holmes Orchestrator 20.4.1, where remote attackers can read sensitive log files via a predictable /log URI. The connected sources corroborate a log information disclosure vulnerability in the 20.4.1 release; no specific patch/version or remediation details are provide...
CVE-2021-38147
Wipro Holmes Orchestrator 20.4.1 is affected by CVE-2021-38147, an information-disclosure vulnerability. Unauthenticated attackers can access API endpoints processexecution/DownloadExcelFile/{Domain_Credential_Report_Excel|User_Report_Excel|Process_Report_Excel|Infrastructure_Report_Excel|Resolve...
CVE-2021-38147
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...
Wipro Holmes Orchestrator Log Information Disclosure Vulnerability
Wipro Holmes Orchestrator is a one-stop application artificial intelligence (AI) and automation platform orchestrator from Wipro India. Version 20.4.1 of Wipro Holmes Orchestrator is vulnerable to log information disclosure, which can be exploited by unauthenticated attackers to access target log...
Wipro Holmes Orchestrator Access Control Error Vulnerability
Wipro Holmes Orchestrator, a one-stop application artificial intelligence (AI) and automation platform orchestrator from Wipro India, has an access control error in version 20.4.1, which could be exploited by an unauthenticated attacker to download previously...
CVE-2021-38146
The File Download API in Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data...