5 matches found
CVE-2021-38147
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...
CVE-2021-38147
creationtimestamp| type| source ---|---|--- 2021-11-29 12:33:17+00:00| seen| https://t.me/cibsecurity/33022 2024-06-07 17:17:05+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-38147.yaml...
CVE-2021-38147
Wipro Holmes Orchestrator 20.4.1 20.4.102112020 allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/DomainCredentialReportExcel,...
CVE-2021-38147
Wipro Holmes Orchestrator 20.4.1 is affected by CVE-2021-38147, an information-disclosure vulnerability. Unauthenticated attackers can access API endpoints processexecution/DownloadExcelFile/{Domain_Credential_Report_Excel|User_Report_Excel|Process_Report_Excel|Infrastructure_Report_Excel|Resolve...
Wipro Holmes Orchestrator 20.4.1 Report Disclosure
Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Excel Report Download Date: 09/08/2021 Exploit Author: Rizal Muhammed @ub3rsick Vendor Homepage: https://www.wipro.com/holmes/ Version: 20.4.1 Tested on: Windows 10 x64 CVE : CVE-2021-38147 In the Wipro Holmes Orchestrator 20.4.1...