PT-2021-22015 · Wipro · Wipro Holmes Orchestrator

Published

2021-11-22

Updated

2022-07-12

CVE-2021-38283

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: Wipro Holmes Orchestrator version 20.4.1

Description: The issue allows remote attackers to read application log files containing sensitive information. This is achieved via a predictable "/log" URI.

Recommendations: For Wipro Holmes Orchestrator version 20.4.1, restrict access to the /log URI to prevent unauthorized reading of application log files. Consider implementing proper access controls and authentication mechanisms for sensitive areas of the application.

Exploit

Fix

Missing Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-306

Related Identifiers

CVE-2021-38283

Affected Products

Wipro Holmes Orchestrator

PT-2021-22015 · Wipro · Wipro Holmes Orchestrator

CVE-2021-38283

Weakness Enumeration

Related Identifiers

Affected Products

References · 5