PT-2022-15700 · Servisnet · Servisnet Tessa
Ehakkus
+1
·
Published
2022-02-06
·
Updated
2023-08-08
·
CVE-2022-22832
CVSS v2.0
10
Critical
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Servisnet Tessa version 0.0.2
Description
An issue was discovered where authorization data is available via an unauthenticated request to the "/data-service/users/" API endpoint.
Recommendations
For Servisnet Tessa version 0.0.2, consider restricting access to the "/data-service/users/" API endpoint to prevent unauthorized access to authorization data until a patch is available.
Exploit
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Servisnet Tessa