This Metasploit module exploits privilege escalation in Servisnet Tessa triggered by the add new sysadmin user flow with any user authorization An API request to "/data-service/users/[userid]" with any low-authority user returns other users' information in response The encrypted password information is included here, but privilege escalation is a ...