daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Update CVE-2021-38146.yaml

patch-4
Ritik Chaddha 2024-06-11 17:18:52 +05:30 committed by GitHub
parent cee045464d
commit c6ecf680d1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
http/cves/2021/CVE-2021-38146.yaml
View File

@ -8,10 +8,10 @@ info:
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.
remediation: Fixed In v21.4.0
reference:
- https://nvd.nist.gov/vuln/detail/CVE-2021-38146
- https://packetstormsecurity.com/files/164970/Wipro-Holmes-Orchestrator-20.4.1-Arbitrary-File-Download.html
- https://flippingbitz.com/post/wipro-ho-2041-cve/
- https://www.wipro.com/holmes/
- https://nvd.nist.gov/vuln/detail/CVE-2021-38146
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
cvss-score: 7.5
@ -25,7 +25,7 @@ info:
vendor: wipro
product: holmes
fofa-query: title="Wipro Holmes Orchestrator"
tags: cve,cve2021,packetstorm,wipro,lfi
tags: cve,cve2021,wipro,holmes,lfi
http:
- method: POST