Wipro Holmes Orchestrator version 20.4.1 allows unauthenticated re-downloading of priorly exported reports in Excel.
be9d06f0cfdf4b2a5e3e1048b978ac6ba226c9ce6a52b1ce78d912d5e71b418e# Exploit Title: Wipro Holmes Orchestrator 20.4.1 Unauthenticated Excel Report Download
# Date: 09/08/2021
# Exploit Author: Rizal Muhammed @ub3rsick
# Vendor Homepage: https://www.wipro.com/holmes/
# Version: 20.4.1
# Tested on: Windows 10 x64
# CVE : CVE-2021-38147
In the Wipro Holmes Orchestrator 20.4.1 application, if at some point some user has exported any of the Reports as excel, these files remain in the server. When an unauthenticated user attempts to access any of the below endpoints such files are downloaded. Details of the vulnerable endpoints and the information exposed by the reports from these endpoints are provided below.
User Report:-
API: http://HOLMES_ORCH_HOST:PORT/processexecution/DownloadExcelFile/User_Report_Excel
Exposed Information: Username, Email, Role, First Name, Last Name, User Level and User Domain of different users.
Domain Credentials Report:-
API: http://HOLMES_ORCH_HOST:PORT/processexecution/DownloadExcelFile/Domain_Credential_Report_Excel
Exposed Information: Domain Credential Names, Type, Domain Names
Other Endpoints:-
http://HOLMES_ORCH_HOST:PORT/processexecution/DownloadExcelFile/Process_Report_Excel
http://HOLMES_ORCH_HOST:PORT/processexecution/DownloadExcelFile/Infrastructure_Report_Excel
http://HOLMES_ORCH_HOST:PORT/processexecution/DownloadExcelFile/Resolver_Report_Excel
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed