Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
WiproHolmes

3 matches found

CVE
CVEadded 2021/11/22 9:15 a.m.46 views

CVE-2021-38146

The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.

7.5CVSS7.4AI score0.45088EPSS
CVE
CVEadded 2021/11/29 8:15 a.m.38 views

CVE-2021-38147

Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/Do...

7.5CVSS7.7AI score0.63253EPSS
CVE
CVEadded 2021/11/29 8:15 a.m.34 views

CVE-2021-38283

Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read application log files containing sensitive information via a predictable /log URI.

7.5CVSS7.1AI score0.00699EPSS