Описание
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- Product
- ExploitThird Party AdvisoryVDB Entry
- Product
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:wipro:holmes:20.4.1:*:*:*:*:*:*:*
EPSS
Процентиль: 97%
0.37019
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22
Связанные уязвимости
CVSS3: 7.5
github
около 4 лет назад
The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote attackers to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.
EPSS
Процентиль: 97%
0.37019
Средний
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-22