CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2021-38146

The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.451

EPSS Ranking 97.5%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

http://packetstormsecurity.com/files/164970/Wipro-Holmes-Orchestrator-20.4.1-Arbitrary-File-Download.html
https://www.wipro.com/holmes/
http://packetstormsecurity.com/files/164970/Wipro-Holmes-Orchestrator-20.4.1-Arbitrary-File-Download.html
https://www.wipro.com/holmes/

Products affected by CVE-2021-38146

Wipro » Holmes » Version: 20.4.1

cpe:2.3:a:wipro:holmes:20.4.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-38146

Products

Pricing

Contact Us