Update CVE-2021-38146.yaml
Ritik Chaddha
GitHub
parent
cee045464d
commit
c6ecf680d1
|
|
@ -8,10 +8,10 @@ info:
|
||||||
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.
|
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.
|
||||||
remediation: Fixed In v21.4.0
|
remediation: Fixed In v21.4.0
|
||||||
reference:
|
reference:
|
||||||
- https://nvd.nist.gov/vuln/detail/CVE-2021-38146
|
|
||||||
- https://packetstormsecurity.com/files/164970/Wipro-Holmes-Orchestrator-20.4.1-Arbitrary-File-Download.html
|
- https://packetstormsecurity.com/files/164970/Wipro-Holmes-Orchestrator-20.4.1-Arbitrary-File-Download.html
|
||||||
- https://flippingbitz.com/post/wipro-ho-2041-cve/
|
- https://flippingbitz.com/post/wipro-ho-2041-cve/
|
||||||
- https://www.wipro.com/holmes/
|
- https://www.wipro.com/holmes/
|
||||||
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-38146
|
||||||
classification:
|
classification:
|
||||||
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
||||||
cvss-score: 7.5
|
cvss-score: 7.5
|
||||||
|
|
@ -25,7 +25,7 @@ info:
|
||||||
vendor: wipro
|
vendor: wipro
|
||||||
product: holmes
|
product: holmes
|
||||||
fofa-query: title="Wipro Holmes Orchestrator"
|
fofa-query: title="Wipro Holmes Orchestrator"
|
||||||
tags: cve,cve2021,packetstorm,wipro,lfi
|
tags: cve,cve2021,wipro,holmes,lfi
|
||||||
|
|
||||||
http:
|
http:
|
||||||
- method: POST
|
- method: POST
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue