An issue was discovered in Servisnet Tessa 0.0.2. An attacker can add a new sysadmin user via a manipulation of the Authorization HTTP header.
9.8CVSS
9.2AI Score
0.064EPSS
An issue was discovered in Servisnet Tessa 0.0.2. Authorization data is available via an unauthenticated /data-service/users/ request.
9.8CVSS
9.4AI Score
0.328EPSS
An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.
7.5CVSS
7.2AI Score
0.252EPSS