CVE-2022-22833

HIGH

Servisnet Tessa 0.0.2 - Info Disclosure

Title source: llm

Description

An issue was discovered in Servisnet Tessa 0.0.2. An attacker can obtain sensitive information via a /js/app.js request.

Exploits (2)

exploitdb WORKING POC

by AkkuS · rubywebappsmultiple

https://www.exploit-db.com/exploits/50713

View Code ZIP pw:eip

exploitdb WORKING POC

by AkkuS · rubywebappsmultiple

https://www.exploit-db.com/exploits/50712

View Code ZIP pw:eip

References (4)

[Exploit, Third Party Advisory, VDB Entry] http://packetstormsecurity.com/files/165867/Servisnet-Tessa-MQTT-Credential-Disclosure.html

[Product, Vendor Advisory] http://www.servisnet.com.tr/en/page/products

[Exploit, Third Party Advisory] https://pentest.com.tr/exploits/Servisnet-Tessa-MQTT-Credentials-Dump-Unauthenticated.html

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/50713

Scores

CVSS v3 7.5

EPSS 0.2112

EPSS Percentile 95.6%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

Status published

Affected Products (1)

servisnet/tessa

Timeline

Published Feb 06, 2022

Tracked Since Feb 18, 2026