PT-2022-15699 · Servisnet · Servisnet Tessa

Ehakkus

Published

2022-02-06

Updated

2022-02-11

CVE-2022-22831

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Servisnet Tessa version 0.0.2

Description An issue was discovered that allows an attacker to add a new sysadmin user via a manipulation of the Authorization HTTP header.

Recommendations For Servisnet Tessa version 0.0.2, consider restricting access to the Authorization HTTP header to prevent manipulation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

CVE-2022-22831

Affected Products

Servisnet Tessa

PT-2022-15699 · Servisnet · Servisnet Tessa

CVE-2022-22831

Weakness Enumeration

Related Identifiers

Affected Products

References · 8