CVE-2021-38147 Scanner

CVE-2021-38147 Scanner - Information Disclosure vulnerability in Wipro Holmes Orchestrator

Short Info

Level: High
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 10 days 11 hours
Scan only one: URL
Toolbox: -

Wipro Holmes Orchestrator is a widely used software solution for orchestrating various business processes within an organization. It is employed by enterprises for automating repetitive tasks, generating detailed reports, and improving operational efficiency. The software allows for integration with various IT systems and tools, making it a versatile option for different industries. Wipro Holmes Orchestrator is primarily utilized by IT and operations departments who require streamlined workflow automation coupled with data analytics. It features a user-friendly interface that enables easy customization and process automation. Due to its comprehensive functionality, it is crucial to ensure its security to protect sensitive organizational data.

This vulnerability concerns the exposure of sensitive information within Wipro Holmes Orchestrator. Because certain API endpoints perform no proper authorization check, remote attackers can download sensitive reports from them. Being able to fetch these files without authenticating is a significant risk, since it leads directly to unauthorized disclosure of confidential business information. Exploitation requires minimal interaction, which is why the issue is rated high severity. The flaw underlines the need for robust authentication on every endpoint that serves sensitive data; fixing it prevents potential data breaches and preserves client trust in the product.

Wipro Holmes Orchestrator version 20.4.1 contains an information disclosure vulnerability in several API endpoints. These endpoints, such as processexecution/DownloadExcelFile, let remote attackers download Excel files containing sensitive report data without any authentication. The root cause is the absence of access control on these endpoints, which exposes files such as Domain_Credential_Report_Excel, User_Report_Excel, Process_Report_Excel, Infrastructure_Report_Excel, and Resolver_Report_Excel. Left open, the endpoints give malicious actors a ready path for data exfiltration, so enforcing authentication and authorization checks on them is essential.
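A defender who cannot patch immediately will want to know whether the endpoint above has already been hit without a session. The following added example (written for this page; it is not Wipro's code or the scanner's own logic) parses reverse-proxy access logs and flags successful, unauthenticated downloads from the DownloadExcelFile endpoint. The log lines are constructed samples; the trailing `auth=` field and the `fileName` query parameter are assumptions about how a proxy in front of Orchestrator might log the request, not something documented on this page.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional
from urllib.parse import parse_qs, urlsplit

# Endpoint fragment and report names taken from the CVE-2021-38147 description.
VULN_ENDPOINT = "/processexecution/DownloadExcelFile"
REPORT_NAMES = {
    "Domain_Credential_Report_Excel",
    "User_Report_Excel",
    "Process_Report_Excel",
    "Infrastructure_Report_Excel",
    "Resolver_Report_Excel",
}

# Constructed sample log lines: combined log format plus an assumed final
# "auth=" field written by the reverse proxy ("-" means no session/credential).
SAMPLE_LOG = """\
203.0.113.10 - - [12/Aug/2021:10:01:02 +0000] "GET /processexecution/DownloadExcelFile?fileName=User_Report_Excel HTTP/1.1" 200 48211 "-" "curl/7.68.0" auth=-
203.0.113.10 - - [12/Aug/2021:10:01:05 +0000] "GET /processexecution/DownloadExcelFile?fileName=Domain_Credential_Report_Excel HTTP/1.1" 200 90412 "-" "curl/7.68.0" auth=-
198.51.100.7 - - [12/Aug/2021:10:02:17 +0000] "GET /processexecution/DownloadExcelFile?fileName=Process_Report_Excel HTTP/1.1" 200 12000 "-" "Mozilla/5.0" auth=session
198.51.100.7 - - [12/Aug/2021:10:03:00 +0000] "GET /home HTTP/1.1" 200 5120 "-" "Mozilla/5.0" auth=session
203.0.113.10 - - [12/Aug/2021:10:04:44 +0000] "GET /processexecution/DownloadExcelFile?fileName=Resolver_Report_Excel HTTP/1.1" 401 0 "-" "curl/7.68.0" auth=-
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+) "[^"]*" "[^"]*" auth=(?P<auth>\S+)$'
)


@dataclass
class Finding:
    ip: str
    timestamp: str
    report: Optional[str]   # value of the assumed fileName parameter, if any
    known_report: bool      # True when it matches a report named in the advisory
    status: int


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def report_name(path_with_query: str) -> Optional[str]:
    """Extract the assumed fileName query parameter from a request target."""
    params = parse_qs(urlsplit(path_with_query).query)
    return params.get("fileName", [None])[0]


def find_unauthenticated_downloads(log_text: str) -> List[Finding]:
    """Flag successful (HTTP 200) hits on the vulnerable endpoint with no auth field.

    Requests that carried a session, or that the server refused, are not findings:
    only a 200 with auth=- is evidence that a report left the system unauthenticated.
    """
    findings: List[Finding] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if not urlsplit(rec["path"]).path.endswith(VULN_ENDPOINT):
            continue
        if rec["auth"] != "-":
            continue  # authenticated request: expected use of the endpoint
        status = int(rec["status"])
        if status != 200:
            continue  # refused or errored: nothing was disclosed
        name = report_name(rec["path"])
        findings.append(Finding(
            ip=rec["ip"],
            timestamp=rec["ts"],
            report=name,
            known_report=name in REPORT_NAMES,
            status=status,
        ))
    return findings


if __name__ == "__main__":
    for f in find_unauthenticated_downloads(SAMPLE_LOG):
        tag = "CREDENTIALS" if f.report == "Domain_Credential_Report_Excel" else "report"
        print(f"{f.timestamp} {f.ip} unauthenticated {tag} download: {f.report}")
```

Run against real logs, the two flagged lines from the same source address would be the starting point for an incident review; a hit on Domain_Credential_Report_Excel in particular should trigger credential rotation, since that report's contents are exactly what an attacker would reuse for further access.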

If exploited, this vulnerability can have severe repercussions, including loss of sensitive data, financial loss, and reputational damage. Attackers could use the disclosed information for fraud or to gain unauthorized access to company resources. Depending on what the exposed reports contain, the compromise could affect internal operations and client relationships. The financial consequences of a resulting data breach could be substantial, extending to legal penalties and loss of customer trust. Corrective action is therefore critical to limit these effects and secure the organization’s data assets.
