The File Download API in Wipro Holmes Orchestrator 20.4.1 (20.4.1_02_11_2020) allows remote malicious users to read arbitrary files via absolute path traversal in the SearchString JSON field in /home/download POST data.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
wipro holmes 20.4.1 |