CVE-2021-38147 — AI Deep Analysis Summary

🚨 **Essence**: Wipro Holmes Orchestrator has a **Broken Access Control** flaw. 📉 **Consequences**: Unauthenticated attackers can download sensitive Excel reports (credentials, user data) without logging in.…

🛡️ **Root Cause**: **Access Control Error**. The API endpoints for downloading Excel files lack proper authentication checks. 🚫 No password/token required to access `processexecution/DownloadExcelFile/...` paths.

🏢 **Affected**: **Wipro Holmes Orchestrator**. 📦 **Version**: Specifically **20.4.1** (Build 20.4.1_02_11_2020). If you are on this version, you are at risk!

💻 **Attacker Actions**: Download arbitrary Excel reports. 📂 Includes: Domain Credential Reports, User Reports, Process Reports, Infrastructure Reports, and Resolver Reports.…

⚡ **Exploitation Threshold**: **LOW**. 🚪 No authentication needed. Just send a GET request to the specific API endpoint. Anyone on the internet can access it if the port is open.

🔓 **Public Exploit**: **YES**. 📜 A Nuclei template exists on GitHub (projectdiscovery/nuclei-templates). PacketStorm also has a disclosure. Easy to automate and scan.

🔍 **Self-Check**: Use **Nuclei** with the CVE-2021-38147 template. 🧪 Or manually curl the endpoint: `.../processexecution/DownloadExcelFile/Domain_Credential_Report_Excel`. If you get an Excel file, you are vulnerable!

🩹 **Official Fix**: The data implies a vulnerability exists in 20.4.1. 🔄 Check Wipro's official site for updates. Usually, upgrading to a patched version is the only real fix for access control flaws.

🚧 **No Patch?**: **Mitigation**: Block external access to these API endpoints via **Firewall/WAF**. 🛑 Restrict IP access to internal networks only. Remove public exposure of `/processexecution/` paths.

🔥 **Urgency**: **HIGH**. 🚨 Critical data (credentials/reports) is exposed with zero effort. Patch immediately or isolate the service. Don't wait!