Vulnerabilites related to servicenow - servicenow
Vulnerability from fkie_nvd
Published
2023-01-13 00:15
Modified
2025-04-09 14:15
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.
References
cve@mitre.orghttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1216141Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1216141Patch, Vendor Advisory
Impacted products
Vendor Product Version
servicenow servicenow quebec
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow san_diego


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:*:*:*:*:*:*:*",
                     matchCriteriaId: "412004C5-93F0-4EC0-B928-E6F41AB95FBE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:*:*:*:*:*:*:*",
                     matchCriteriaId: "001789AB-E56B-4D04-B1B4-DD326A0CB1C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "52C8A7D2-F930-4078-9E9D-E48782E46CBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "EAA82A56-93C2-47DC-92BA-D2EBF0C19EEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "B053530E-1CB3-4A86-BD4B-569750776A53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "00EE16EE-B759-4BD8-A30B-C952142C860E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:*:*:*:*:*:*:*",
                     matchCriteriaId: "0332F3A4-ABA4-4EE1-955C-C4B4B2B3C881",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de cross-site scripting (XSS) en el Employee Service Center (esc) y Service Portal (sp) en ServiceNow Quebec, Roma y San Diego permite a atacantes remotos inyectar scripts web arbitrario a través del widget Standard Ticket Conversations.",
      },
   ],
   id: "CVE-2022-42704",
   lastModified: "2025-04-09T14:15:25.053",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
            type: "Secondary",
         },
      ],
   },
   published: "2023-01-13T00:15:09.563",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1216141",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Patch",
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1216141",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-07-10 17:15
Modified
2024-11-27 18:56
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
References
psirt@servicenow.comhttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293Permissions Required
psirt@servicenow.comhttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313Vendor Advisory
psirt@servicenow.comhttps://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploitPress/Media Coverage
af854a3a-2127-422b-91ae-364da2661108https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploitPress/Media Coverage
Impacted products
Vendor Product Version
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc


To clipboard 

{
   cisaActionDue: "2024-08-19",
   cisaExploitAdd: "2024-07-29",
   cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
   cisaVulnerabilityName: "ServiceNow Incomplete List of Disallowed Inputs Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*",
                     matchCriteriaId: "69E0078E-1953-4F4F-9D5A-B1A140C4B310",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:early_availability:*:*:*:*:*:*",
                     matchCriteriaId: "03FE0B52-C7A6-4632-A09E-BE7AB8610DD7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "DB5CA109-5DC1-4952-AC15-69FAC332BCA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "44506775-0370-4583-9236-6C9F646B6622",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "1A76B918-45DB-49A9-B323-5CB6FF8200AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "118B4618-8702-4C38-88EE-B41C2C9DBF31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "92BED123-0FFC-4113-B0B6-A1A8BD69F4CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_10:*:*:*:*:*:*",
                     matchCriteriaId: "76439FC6-2DD2-4AD4-9EB6-A2FEAC10B205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_10_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "8097D9B0-9329-4EB7-BB7E-0FF3057D408B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_10_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "AFEA8D14-D1C8-486B-ABE7-25C9D6B72CE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_10a:*:*:*:*:*:*",
                     matchCriteriaId: "5DA716A2-E697-4BC3-8127-E772E67E1C49",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_10a_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "EEBB1DCE-25AA-4F95-984C-5BB5341A90ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_10b:*:*:*:*:*:*",
                     matchCriteriaId: "AE34BA83-3810-4314-9A45-B1A8944C6612",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "98E3E0AF-A341-43BB-91C6-75BBDE695280",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "20AC3991-0E5B-4164-807F-0E270B1867BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "44F86BEB-77D0-41AF-816C-F73B2D9601FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "C9C467AA-B1A2-4A2A-8363-623232BCBCA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "A6E189F6-6623-4A0C-8767-A3CC1C12B759",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "9D6885DD-230B-468B-B936-7512BE80849D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "1476C240-FCB0-43E3-9C79-2264DB6C200A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "9783CA53-CDBD-44F0-B2B9-8C49EBE9FCB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "481EC1AA-5863-4641-B67F-CD51416ED0EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "402D816A-2650-4743-A386-029C0D063C39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "56CBE65E-2D5A-4191-A2F4-8AC76050404F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "05587BC2-574F-42B6-A121-7ACFD0691ED5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "76D69B8D-02EE-4E3D-9F54-E94F6DB09D5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "CC772DD6-2814-4EEF-A524-CC752C277337",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_3b:*:*:*:*:*:*",
                     matchCriteriaId: "996C57B4-E8AC-48F6-BA71-328F714B1BAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "10B82BE2-BE38-4EA7-85D5-AC28FF4F50BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_4b:*:*:*:*:*:*",
                     matchCriteriaId: "D66B18D1-486D-4390-9D1E-5348D1C6729A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_5:*:*:*:*:*:*",
                     matchCriteriaId: "A0EC8ACE-70CA-44FC-ACA7-0868D620C86D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "8D934721-565F-4707-A32A-B7E4BB9D2DD0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_5_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "4AA97D74-290C-47C7-9976-6EF83950C530",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "122E0C17-B29B-44B9-A37E-745B103AD398",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_6_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "AADFD5CE-9C9D-46FF-9871-E2BD7B2C8B98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_6_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "ECE96EED-C729-4A84-B437-79CCE029C391",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "8BD49264-D243-4625-828C-AF383D826779",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_7_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "FB29FCEC-3DDB-46EE-A7AA-4728E6B9A1D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_7_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "AC4CA2B8-EFD8-4C01-8F9C-E613619062DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_7a:*:*:*:*:*:*",
                     matchCriteriaId: "0F601F74-593A-4566-A763-EF05E5138FA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_7b:*:*:*:*:*:*",
                     matchCriteriaId: "47D4CC0E-E3F5-49AB-9D92-AC8FFB17A4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "8A4CD267-D72A-4F09-BE9B-F008B1804AD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_8_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "24D2EBC6-F894-4C1D-A2FF-B49FF4007ED8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_9:*:*:*:*:*:*",
                     matchCriteriaId: "26D23EE3-0F88-47F7-ADCD-B74F81A08D9B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "FB793686-954A-49F8-BC35-A95325D61303",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "38DDACA8-69A9-4047-AD99-A7DDC320EAD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "926C0F6A-0599-4239-B1CE-5D864BBAA315",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*",
                     matchCriteriaId: "9DB67FCA-6127-486F-A866-3D5E63B81C35",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "9132AB29-33C1-4825-BAD4-2804C26316B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "68D99613-53A1-4B09-9A78-F8EFA0CC6B01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "E8FCCFB6-DB7E-4DED-A7E0-1C03087754F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "7ED2051C-FE4F-4C0A-A3BF-E33141DC3250",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "8CFD4017-5B8E-4CAF-B9E5-4A675C11F01A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "40D69E69-DF88-4F8C-A9BD-B642829107E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "4D21A542-15DC-432C-9C60-F7CABE8D4807",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix1a:*:*:*:*:*:*",
                     matchCriteriaId: "1596163B-637A-49F9-B01F-C6CC297F7E5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "0B915FDA-9DCB-43B5-8081-F0690996A3EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "7308FA07-5C6D-41AA-9EE1-EE9BAAB50A1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "5ED407E7-9595-4B4D-9D53-1A4807BA327C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "1EA5B288-54DB-437E-88C2-05F90FF3C918",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "6ED497ED-1588-4CF8-AE83-7CC7BEF8B982",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "A74A3197-68F7-4303-A731-B87A8BF3F831",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "A08FD0FD-E062-4BEC-BE95-0ED2D106826B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "5F6A6F12-4D7A-4FD3-8FD6-C32D797BB810",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "847F9124-F3C6-4C93-9E80-544CB0580C8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "12808B52-8F7D-4EE0-A43E-85A1C70A6BE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "81880B84-5E9D-4B7F-B1D5-1BF8D25DAF5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_5_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "8011D2A7-770B-4AE5-80E6-C762F4F0BB55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "A58603E3-5AFC-4606-8F9E-1B4FF9A9B843",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "BED5F42A-5FFF-43E0-9BAD-A5E6C1110551",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "ABE64339-EF0B-4430-9768-FA7DE82AA61F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "FF79CA67-765A-4CCB-B1CB-EE1FC02CFCFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "A3E71353-9AFF-4B6D-89BC-A2909A7C5DDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "C9C5B57E-7852-4E38-9BDA-864CF6F9DB5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "EAA2E502-FCBC-404D-8FFA-4601F1D5B747",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "650956A6-8DE6-4C16-A77C-2B208B41DF5F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3a:*:*:*:*:*:*",
                     matchCriteriaId: "A49AC0E0-9164-43AD-959A-55FCB7965858",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "46277115-1A2B-4526-83E8-1446EB5A1EAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "6CDFB167-F252-46A6-A5F6-EF9A4F93FC03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "43DE243B-E90A-4857-A3A6-3A045FE2D75F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "33689F99-48DD-47C6-AFAC-DC5D10785860",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "8F664F1F-5FB2-48B1-93C7-5DF415E673B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "C641B881-7379-448A-A785-3381C72F8353",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "03D48963-936B-4A48-8859-A5066A259E03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "9149B850-7196-476A-9A27-DEB85B8C6F19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "10622260-FCBC-4CC0-804E-55D75200FC46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_9:*:*:*:*:*:*",
                     matchCriteriaId: "CF44F7A1-D153-4723-BA45-0FE4E4725C2F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*",
                     matchCriteriaId: "FFAC3BF9-2443-4C43-B67A-2BB99297D295",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "444DD275-789F-4C07-9D98-BBFAA1640DB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "5B29B708-BD7C-4A6C-9E78-37D045101A17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "1F6EDFA3-9014-4AA7-A17F-DDB1FE96588E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "1DA447CA-A6A2-436C-9909-3F0419B7DD6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "9F263893-6D34-49D6-9407-ED6CB823595E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "D18E2CD1-AC8E-4ABF-88DE-D3E61A297ED1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "52FC3724-35E5-4C3A-B6BA-3B270EA4255E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "6137BB81-6B48-4DCB-A9F6-A27D869C12FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "B06EABB5-0327-4816-AC7B-34D021758812",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "29DC5FC9-2ACF-4C51-93C4-2D0982BA0CA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "9CD5A918-9B71-4CFD-A6DB-437D3B647C6A",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.",
      },
      {
         lang: "es",
         value: "ServiceNow ha abordado una vulnerabilidad de validación de entrada que se identificó en las versiones de Washington DC, Vancouver y versiones anteriores de Now Platform. Esta vulnerabilidad podría permitir que un usuario no autenticado ejecute código de forma remota dentro del contexto de Now Platform. La vulnerabilidad se aborda en los parches y correcciones urgentes que se enumeran a continuación, que se lanzaron durante el ciclo de parches de junio de 2024. Si aún no lo ha hecho, le recomendamos aplicar los parches de seguridad relevantes para su instancia lo antes posible.",
      },
   ],
   id: "CVE-2024-5217",
   lastModified: "2024-11-27T18:56:05.783",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "psirt@servicenow.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV40: [
         {
            cvssData: {
               Automatable: "NOT_DEFINED",
               Recovery: "NOT_DEFINED",
               Safety: "NOT_DEFINED",
               attackComplexity: "LOW",
               attackRequirements: "PRESENT",
               attackVector: "NETWORK",
               availabilityRequirement: "NOT_DEFINED",
               baseScore: 9.2,
               baseSeverity: "CRITICAL",
               confidentialityRequirement: "NOT_DEFINED",
               exploitMaturity: "NOT_DEFINED",
               integrityRequirement: "NOT_DEFINED",
               modifiedAttackComplexity: "NOT_DEFINED",
               modifiedAttackRequirements: "NOT_DEFINED",
               modifiedAttackVector: "NOT_DEFINED",
               modifiedPrivilegesRequired: "NOT_DEFINED",
               modifiedSubAvailabilityImpact: "NOT_DEFINED",
               modifiedSubConfidentialityImpact: "NOT_DEFINED",
               modifiedSubIntegrityImpact: "NOT_DEFINED",
               modifiedUserInteraction: "NOT_DEFINED",
               modifiedVulnAvailabilityImpact: "NOT_DEFINED",
               modifiedVulnConfidentialityImpact: "NOT_DEFINED",
               modifiedVulnIntegrityImpact: "NOT_DEFINED",
               privilegesRequired: "NONE",
               providerUrgency: "NOT_DEFINED",
               subAvailabilityImpact: "NONE",
               subConfidentialityImpact: "NONE",
               subIntegrityImpact: "NONE",
               userInteraction: "NONE",
               valueDensity: "NOT_DEFINED",
               vectorString: "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
               version: "4.0",
               vulnAvailabilityImpact: "HIGH",
               vulnConfidentialityImpact: "HIGH",
               vulnIntegrityImpact: "HIGH",
               vulnerabilityResponseEffort: "NOT_DEFINED",
            },
            source: "psirt@servicenow.com",
            type: "Secondary",
         },
      ],
   },
   published: "2024-07-10T17:15:12.373",
   references: [
      {
         source: "psirt@servicenow.com",
         tags: [
            "Permissions Required",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293",
      },
      {
         source: "psirt@servicenow.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313",
      },
      {
         source: "psirt@servicenow.com",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
         ],
         url: "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit",
      },
   ],
   sourceIdentifier: "psirt@servicenow.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-184",
            },
         ],
         source: "psirt@servicenow.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-697",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-06-13 19:15
Modified
2025-02-13 17:15
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: * Quebec prior to Patch 10 Hot Fix 8b * Rome prior to Patch 10 Hot Fix 1 * San Diego prior to Patch 7 * Tokyo prior to Tokyo Patch 1; and * Utah prior to Utah General Availability If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.
References
psirt@servicenow.comhttp://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html
psirt@servicenow.comhttp://seclists.org/fulldisclosure/2023/Jul/11
psirt@servicenow.comhttps://news.ycombinator.com/item?id=36638530
psirt@servicenow.comhttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303489Vendor Advisory
psirt@servicenow.comhttps://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2023/Jul/11
af854a3a-2127-422b-91ae-364da2661108https://news.ycombinator.com/item?id=36638530
af854a3a-2127-422b-91ae-364da2661108https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303489Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/
Impacted products
Vendor Product Version
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow tokyo
servicenow servicenow utah


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "1B349D86-36DF-46C1-A268-F9C5EBE80223",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_10:*:*:*:*:*:*",
                     matchCriteriaId: "8816E561-8E81-4C30-9C48-7836069202D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_10_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "F9AB04CB-F83E-4C6B-8F5E-9D317845D56E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_10_hotfix_3a:*:*:*:*:*:*",
                     matchCriteriaId: "68E70794-77D1-4B96-B5B4-7E9624153D56",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_10_hotfix_3b:*:*:*:*:*:*",
                     matchCriteriaId: "408EF715-7549-47B2-8F36-7D7C693C347D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_10_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "0CE44A53-AF6C-488F-9163-7162955D9E21",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "B2B004A9-64C0-4279-AA1E-7CA2C4C9CAC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "9992847C-D46A-4557-8E3E-3E15619C31DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_2_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "1DF72944-0771-4867-A9FF-EBAA25787FE4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "6FDDA0D0-5010-4C07-A6C4-D6B2A873E348",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "F3AD962E-FCD3-490E-BD60-587227732B92",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_4_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "10B1C7D9-E7A6-47FC-94B0-0C73E3C84F6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "B0FE839F-229A-459C-AEEB-AFE424764B72",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "77BE7B49-D510-4D23-BB2A-A2C0FA31B3E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "F0D9D4EB-5113-4FC4-B4E1-2E081FE45CF4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "AB5847EE-379F-48CD-AB5C-472582EEC9FB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_9:*:*:*:*:*:*",
                     matchCriteriaId: "29725C9C-F01E-48D0-8AC6-EF4187B53461",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "52C8A7D2-F930-4078-9E9D-E48782E46CBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "512C81E4-0C27-42EC-AD05-7563B50EF1DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "2B403376-993D-404D-B75B-A2B634095DD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "A5BBA03C-2A2E-4259-9F8E-99622F6758B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "D609B90C-E67E-461A-8756-36E06E265FF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "2A05F1AF-0E08-4280-A006-A27C917C9E82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10:*:*:*:*:*:*",
                     matchCriteriaId: "5E3198D2-CC9C-46F7-A366-6C16F3F35439",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "EAA82A56-93C2-47DC-92BA-D2EBF0C19EEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "B4FEEDD5-F852-49AA-BDF9-869040C7F3C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_2_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "763B0915-14EF-4405-AAB6-78B185D5744B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "B053530E-1CB3-4A86-BD4B-569750776A53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "4CF1B2AB-D561-4396-AA99-71FCD55B5D3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "00EE16EE-B759-4BD8-A30B-C952142C860E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "1F157018-E6F2-45D1-8B54-68C051247798",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "88603AEF-0EC2-4006-B7F2-E5FFAC8F354C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "FB5BC2C0-A5CF-455F-A732-E49672B5682E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "66E9CCC4-7BC4-4FC2-8B54-B8746A83256C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "56E7DB16-6ABC-4ED3-99C1-A33914242405",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "55AC0E29-0F51-4D1D-A5EF-AECD29FAE417",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "5DCC0D37-6840-4882-84E1-AE1E83ABF31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "CF53F785-2D19-48FB-9D88-9817785E5082",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "9EAAADE1-5804-44FB-BD9A-881BDA4FE1F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "DC20DB81-AA27-4BE5-9296-2E4E6000F56B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "DECC9979-3A0B-4F36-85D1-DD539A7D18C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7a:*:*:*:*:*:*",
                     matchCriteriaId: "563F3D85-A23A-453F-9932-3044F8B5566C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7b:*:*:*:*:*:*",
                     matchCriteriaId: "3C770579-EDDC-4F46-8288-33A13289A8A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "78447698-90FF-4010-BF0B-3294E2EBB69B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "A32EF135-C229-49B1-8766-1ED6066C7CC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "22E5BA6F-6C66-4589-8AA9-C76776DCFCCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9:*:*:*:*:*:*",
                     matchCriteriaId: "AE93BECE-CC4A-400A-9322-5E61DA5E6A75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "38D3CF30-CAC5-49B1-B527-9C9D24C28A54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9a:*:*:*:*:*:*",
                     matchCriteriaId: "8C48A10D-0295-4023-AB20-0BE4D8AA582A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9b:*:*:*:*:*:*",
                     matchCriteriaId: "0F42AF52-C388-44BB-B328-5E77CF9E4622",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "71A44062-D94F-4246-A218-33AD4C43C7FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "6A4ABAF4-C84B-4E7B-A156-24640B7D56EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "2855AE65-1B96-4537-BB6E-7659114955EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "63725CBE-34A5-4B9E-BA8E-32E66B89C646",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "9F249B02-DB97-4AFB-A786-AA685AA4E50B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "C143A667-EBF1-4F6D-AB21-833B184FBFF8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "CD9C6C64-E92C-45A8-BC0C-71DE31F70D34",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "0C7C2818-6225-4652-B066-A11BD45D4608",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "C46E8D6C-A65F-473B-AFCD-B16EA09023AB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "8B2DC45C-17A0-4D92-AB29-3497DA43707E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "F2822278-2089-4F78-86EE-D63A9516B5A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "49444E5E-0AB7-4083-8663-089955134AA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "8B5E2C3D-F838-48E0-8135-455AF964221D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "2494C288-83E1-48DF-9661-540B26C9137E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "815997A7-39CB-4C78-B776-54DECE294AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "DE7FDD4B-163B-462A-A80C-454F5040FF90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "FB55D9E6-FD9C-48A8-800D-10C665120792",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:*",
                     matchCriteriaId: "D481F300-EDF4-4E22-B865-F3AAFCE27692",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4b:*:*:*:*:*:*",
                     matchCriteriaId: "311B0413-3771-4CAF-9A14-0726B2923A76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "E74913AB-25EE-4F18-B2FA-5C261D7ADE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "5C99222F-B676-471F-8E44-707024B2B097",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:*",
                     matchCriteriaId: "4332BE18-DA60-4921-A9DF-C434AB32839B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*",
                     matchCriteriaId: "69E0078E-1953-4F4F-9D5A-B1A140C4B310",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.\n\n\n\nAdditional Details\n\nThis issue is present in the following supported ServiceNow releases: \n\n\n\n  *  Quebec prior to Patch 10 Hot Fix 8b\n  *  Rome prior to Patch 10 Hot Fix 1\n  *  San Diego prior to Patch 7\n  *  Tokyo prior to Tokyo Patch 1; and \n  *  Utah prior to Utah General Availability \n\n\n\n\nIf this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.",
      },
   ],
   id: "CVE-2022-43684",
   lastModified: "2025-02-13T17:15:46.027",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.9,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.1,
            impactScore: 6,
            source: "psirt@servicenow.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-06-13T19:15:09.243",
   references: [
      {
         source: "psirt@servicenow.com",
         url: "http://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html",
      },
      {
         source: "psirt@servicenow.com",
         url: "http://seclists.org/fulldisclosure/2023/Jul/11",
      },
      {
         source: "psirt@servicenow.com",
         url: "https://news.ycombinator.com/item?id=36638530",
      },
      {
         source: "psirt@servicenow.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303489",
      },
      {
         source: "psirt@servicenow.com",
         url: "https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://seclists.org/fulldisclosure/2023/Jul/11",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://news.ycombinator.com/item?id=36638530",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303489",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/",
      },
   ],
   sourceIdentifier: "psirt@servicenow.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-200",
            },
         ],
         source: "psirt@servicenow.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-668",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-04-17 22:15
Modified
2024-11-21 07:30
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.
References
psirt@servicenow.comhttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1272156Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1272156Vendor Advisory
Impacted products
Vendor Product Version
servicenow servicenow quebec
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:-:*:*:*:*:*:*",
                     matchCriteriaId: "C5A68765-7406-48CB-965E-6C09A7465CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:-:*:*:*:*:*:*",
                     matchCriteriaId: "F59FAF00-135F-4AC1-B68E-B6F1ED98ACAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:early_availability:*:*:*:*:*:*",
                     matchCriteriaId: "5C8E54FC-835C-4F34-8514-D0BC8B807594",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "52C8A7D2-F930-4078-9E9D-E48782E46CBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "2B403376-993D-404D-B75B-A2B634095DD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "A5BBA03C-2A2E-4259-9F8E-99622F6758B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10:*:*:*:*:*:*",
                     matchCriteriaId: "5E3198D2-CC9C-46F7-A366-6C16F3F35439",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "EAA82A56-93C2-47DC-92BA-D2EBF0C19EEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "B053530E-1CB3-4A86-BD4B-569750776A53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "00EE16EE-B759-4BD8-A30B-C952142C860E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "1F157018-E6F2-45D1-8B54-68C051247798",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "88603AEF-0EC2-4006-B7F2-E5FFAC8F354C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "FB5BC2C0-A5CF-455F-A732-E49672B5682E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "66E9CCC4-7BC4-4FC2-8B54-B8746A83256C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "5DCC0D37-6840-4882-84E1-AE1E83ABF31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "DC20DB81-AA27-4BE5-9296-2E4E6000F56B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7a:*:*:*:*:*:*",
                     matchCriteriaId: "563F3D85-A23A-453F-9932-3044F8B5566C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7b:*:*:*:*:*:*",
                     matchCriteriaId: "3C770579-EDDC-4F46-8288-33A13289A8A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "78447698-90FF-4010-BF0B-3294E2EBB69B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9:*:*:*:*:*:*",
                     matchCriteriaId: "AE93BECE-CC4A-400A-9322-5E61DA5E6A75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9a:*:*:*:*:*:*",
                     matchCriteriaId: "8C48A10D-0295-4023-AB20-0BE4D8AA582A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:-:*:*:*:*:*:*",
                     matchCriteriaId: "F63300E0-AF0E-44DA-BEC4-D7F560DCE4C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "71A44062-D94F-4246-A218-33AD4C43C7FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "6A4ABAF4-C84B-4E7B-A156-24640B7D56EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "2855AE65-1B96-4537-BB6E-7659114955EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "63725CBE-34A5-4B9E-BA8E-32E66B89C646",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "8B2DC45C-17A0-4D92-AB29-3497DA43707E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "49444E5E-0AB7-4083-8663-089955134AA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "FB55D9E6-FD9C-48A8-800D-10C665120792",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:*",
                     matchCriteriaId: "D481F300-EDF4-4E22-B865-F3AAFCE27692",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4b:*:*:*:*:*:*",
                     matchCriteriaId: "311B0413-3771-4CAF-9A14-0726B2923A76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "E74913AB-25EE-4F18-B2FA-5C261D7ADE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "5C99222F-B676-471F-8E44-707024B2B097",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "276A7ABE-2437-455C-9C5B-C05CAAC183A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7b:*:*:*:*:*:*",
                     matchCriteriaId: "F2371A53-1D57-4508-B18A-4FBA0288CF7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "BB9E765B-C094-4FC4-B9E3-0732F24C10D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:*",
                     matchCriteriaId: "4332BE18-DA60-4921-A9DF-C434AB32839B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:early_availability:*:*:*:*:*:*",
                     matchCriteriaId: "F347AF0E-EBED-4FC2-8994-E06891FC8879",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "09179BB2-B8D4-4FF9-925E-B5B259EFDF4F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1a:*:*:*:*:*:*",
                     matchCriteriaId: "25F6EDF2-EC52-4821-80A7-1B7DB55CD5FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1b:*:*:*:*:*:*",
                     matchCriteriaId: "634CC5CF-5883-44A9-86D9-7DFEADCB4AC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "F5DD8964-4A2D-4CE8-9C45-58E20DB30964",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "FDDF1F29-9BF2-4F82-B375-8BC4E38E6D2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*",
                     matchCriteriaId: "69E0078E-1953-4F4F-9D5A-B1A140C4B310",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:early_availability:*:*:*:*:*:*",
                     matchCriteriaId: "03FE0B52-C7A6-4632-A09E-BE7AB8610DD7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "DB5CA109-5DC1-4952-AC15-69FAC332BCA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "98E3E0AF-A341-43BB-91C6-75BBDE695280",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.",
      },
   ],
   id: "CVE-2022-46389",
   lastModified: "2024-11-21T07:30:30.130",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@servicenow.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-17T22:15:07.840",
   references: [
      {
         source: "psirt@servicenow.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1272156",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1272156",
      },
   ],
   sourceIdentifier: "psirt@servicenow.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@servicenow.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2018-08-03 18:29
Modified
2024-11-21 04:12
Severity ?
8.8 (High) - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.
References
cve@mitre.orghttps://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.htmlExploit, Third Party Advisory
cve@mitre.orghttps://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txtExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txtExploit, Third Party Advisory
Impacted products
Vendor Product Version
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:*:*:*:*:*:*:*",
                     matchCriteriaId: "8B8A3E12-1A86-4127-B9A9-876B457653F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p1:*:*:*:*:*:*",
                     matchCriteriaId: "9F98FA32-B3EE-4419-A66F-F3A1F7242AC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p2:*:*:*:*:*:*",
                     matchCriteriaId: "363F62B5-04E6-4DC0-9B29-FF5C5F657555",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p3:*:*:*:*:*:*",
                     matchCriteriaId: "46838B91-6D08-4854-A763-404DC77CBD40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p3a:*:*:*:*:*:*",
                     matchCriteriaId: "73A8A994-1F40-4432-AB56-BAFC52934A61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p3b:*:*:*:*:*:*",
                     matchCriteriaId: "21DD3CAE-4DCA-4D3C-9CDD-728B142CE31C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p4:*:*:*:*:*:*",
                     matchCriteriaId: "A617B59B-DFF2-4838-85B0-E130EEF5201F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p5:*:*:*:*:*:*",
                     matchCriteriaId: "B71E3C94-09EE-4BE2-A444-1A7B353F4F96",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p6:*:*:*:*:*:*",
                     matchCriteriaId: "75396F97-4004-4D59-8924-FF6AC0615211",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p6a:*:*:*:*:*:*",
                     matchCriteriaId: "7A3E7E7C-3250-4912-883E-CFD1A46A7181",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p7:*:*:*:*:*:*",
                     matchCriteriaId: "03AE01F3-F14D-4CFD-97A0-1E843EA11A71",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p8:*:*:*:*:*:*",
                     matchCriteriaId: "0D1678E2-F680-4928-8189-7EC196475A6E",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.",
      },
      {
         lang: "es",
         value: "report_viewer.do en ServiceNow Release Jakarta Patch 8 y anteriores permite que atacantes remotos ejecuten código arbitrario mediante una inyección de Glide Scripting \"${xyz}\" en el parámetro sysparm_media.",
      },
   ],
   id: "CVE-2018-7748",
   lastModified: "2024-11-21T04:12:39.383",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "SINGLE",
               availabilityImpact: "PARTIAL",
               baseScore: 6.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:S/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 8,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV30: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 8.8,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
               version: "3.0",
            },
            exploitabilityScore: 2.8,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2018-08-03T18:29:00.923",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-04-14 20:15
Modified
2025-02-06 22:15
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.
References
psirt@servicenow.comhttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1219857Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1219857Vendor Advisory
Impacted products
Vendor Product Version
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow tokyo
servicenow servicenow tokyo


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:-:*:*:*:*:*:*",
                     matchCriteriaId: "C5A68765-7406-48CB-965E-6C09A7465CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_10:*:*:*:*:*:*",
                     matchCriteriaId: "8816E561-8E81-4C30-9C48-7836069202D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "52C8A7D2-F930-4078-9E9D-E48782E46CBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "512C81E4-0C27-42EC-AD05-7563B50EF1DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "A5BBA03C-2A2E-4259-9F8E-99622F6758B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "D609B90C-E67E-461A-8756-36E06E265FF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "2A05F1AF-0E08-4280-A006-A27C917C9E82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10:*:*:*:*:*:*",
                     matchCriteriaId: "5E3198D2-CC9C-46F7-A366-6C16F3F35439",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "DD0D5C00-C5D2-4E30-BEB7-AA2ACBE68CF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "F5B1C958-54DF-45BE-BD2B-60A44B846971",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "6BE785D2-A5C9-4ED7-968A-C01F257E8514",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "EAA82A56-93C2-47DC-92BA-D2EBF0C19EEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "B4FEEDD5-F852-49AA-BDF9-869040C7F3C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_2_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "763B0915-14EF-4405-AAB6-78B185D5744B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "B053530E-1CB3-4A86-BD4B-569750776A53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "4CF1B2AB-D561-4396-AA99-71FCD55B5D3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "00EE16EE-B759-4BD8-A30B-C952142C860E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "1F157018-E6F2-45D1-8B54-68C051247798",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "88603AEF-0EC2-4006-B7F2-E5FFAC8F354C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "FB5BC2C0-A5CF-455F-A732-E49672B5682E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "66E9CCC4-7BC4-4FC2-8B54-B8746A83256C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "56E7DB16-6ABC-4ED3-99C1-A33914242405",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "55AC0E29-0F51-4D1D-A5EF-AECD29FAE417",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "5DCC0D37-6840-4882-84E1-AE1E83ABF31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "CF53F785-2D19-48FB-9D88-9817785E5082",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "9EAAADE1-5804-44FB-BD9A-881BDA4FE1F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "DC20DB81-AA27-4BE5-9296-2E4E6000F56B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "DECC9979-3A0B-4F36-85D1-DD539A7D18C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7a:*:*:*:*:*:*",
                     matchCriteriaId: "563F3D85-A23A-453F-9932-3044F8B5566C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7b:*:*:*:*:*:*",
                     matchCriteriaId: "3C770579-EDDC-4F46-8288-33A13289A8A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "78447698-90FF-4010-BF0B-3294E2EBB69B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "A32EF135-C229-49B1-8766-1ED6066C7CC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "22E5BA6F-6C66-4589-8AA9-C76776DCFCCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9:*:*:*:*:*:*",
                     matchCriteriaId: "AE93BECE-CC4A-400A-9322-5E61DA5E6A75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "38D3CF30-CAC5-49B1-B527-9C9D24C28A54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9a:*:*:*:*:*:*",
                     matchCriteriaId: "8C48A10D-0295-4023-AB20-0BE4D8AA582A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9b:*:*:*:*:*:*",
                     matchCriteriaId: "0F42AF52-C388-44BB-B328-5E77CF9E4622",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "71A44062-D94F-4246-A218-33AD4C43C7FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "6A4ABAF4-C84B-4E7B-A156-24640B7D56EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "2855AE65-1B96-4537-BB6E-7659114955EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "63725CBE-34A5-4B9E-BA8E-32E66B89C646",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "8B2DC45C-17A0-4D92-AB29-3497DA43707E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "F2822278-2089-4F78-86EE-D63A9516B5A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "49444E5E-0AB7-4083-8663-089955134AA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "8B5E2C3D-F838-48E0-8135-455AF964221D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "2494C288-83E1-48DF-9661-540B26C9137E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "815997A7-39CB-4C78-B776-54DECE294AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "DE7FDD4B-163B-462A-A80C-454F5040FF90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "FB55D9E6-FD9C-48A8-800D-10C665120792",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:*",
                     matchCriteriaId: "D481F300-EDF4-4E22-B865-F3AAFCE27692",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4b:*:*:*:*:*:*",
                     matchCriteriaId: "311B0413-3771-4CAF-9A14-0726B2923A76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "5C99222F-B676-471F-8E44-707024B2B097",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "276A7ABE-2437-455C-9C5B-C05CAAC183A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "BB9E765B-C094-4FC4-B9E3-0732F24C10D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:*",
                     matchCriteriaId: "4332BE18-DA60-4921-A9DF-C434AB32839B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch1:*:*:*:*:*:*",
                     matchCriteriaId: "9B73C50B-B52A-41E0-9B5B-E84CEA5503B4",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.\n\n",
      },
   ],
   id: "CVE-2022-46886",
   lastModified: "2025-02-06T22:15:34.057",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "LOW",
               baseScore: 5.5,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
               version: "3.1",
            },
            exploitabilityScore: 2.1,
            impactScore: 3.4,
            source: "psirt@servicenow.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-14T20:15:09.413",
   references: [
      {
         source: "psirt@servicenow.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1219857",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1219857",
      },
   ],
   sourceIdentifier: "psirt@servicenow.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-601",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-601",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-23 19:15
Modified
2024-11-21 07:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.
References
cve@mitre.orghttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1122640Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1122640Vendor Advisory
Impacted products
Vendor Product Version
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "71A44062-D94F-4246-A218-33AD4C43C7FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "6A4ABAF4-C84B-4E7B-A156-24640B7D56EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "2855AE65-1B96-4537-BB6E-7659114955EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "63725CBE-34A5-4B9E-BA8E-32E66B89C646",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "8B2DC45C-17A0-4D92-AB29-3497DA43707E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "F2822278-2089-4F78-86EE-D63A9516B5A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "49444E5E-0AB7-4083-8663-089955134AA7",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.",
      },
      {
         lang: "es",
         value: "ServiceNow versiones hasta San Diego Patch 3 permite XSS por medio del campo name durante la creación de un nuevo panel de control para el panel de análisis de rendimiento.",
      },
   ],
   id: "CVE-2022-38172",
   lastModified: "2024-11-21T07:15:56.290",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-23T19:15:09.800",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1122640",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1122640",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-07-10 17:15
Modified
2024-11-27 19:07
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
References
psirt@servicenow.comhttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293Permissions Required
psirt@servicenow.comhttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154Vendor Advisory
psirt@servicenow.comhttps://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploitPress/Media Coverage, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploitPress/Media Coverage, Third Party Advisory
Impacted products
Vendor Product Version
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow utah
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc


To clipboard 

{
   cisaActionDue: "2024-08-19",
   cisaExploitAdd: "2024-07-29",
   cisaRequiredAction: "Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.",
   cisaVulnerabilityName: "ServiceNow Improper Input Validation Vulnerability",
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*",
                     matchCriteriaId: "69E0078E-1953-4F4F-9D5A-B1A140C4B310",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:early_availability:*:*:*:*:*:*",
                     matchCriteriaId: "03FE0B52-C7A6-4632-A09E-BE7AB8610DD7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "DB5CA109-5DC1-4952-AC15-69FAC332BCA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "44506775-0370-4583-9236-6C9F646B6622",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "1A76B918-45DB-49A9-B323-5CB6FF8200AA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "118B4618-8702-4C38-88EE-B41C2C9DBF31",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "92BED123-0FFC-4113-B0B6-A1A8BD69F4CF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_10:*:*:*:*:*:*",
                     matchCriteriaId: "76439FC6-2DD2-4AD4-9EB6-A2FEAC10B205",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_10_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "8097D9B0-9329-4EB7-BB7E-0FF3057D408B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_10_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "AFEA8D14-D1C8-486B-ABE7-25C9D6B72CE9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_10a:*:*:*:*:*:*",
                     matchCriteriaId: "5DA716A2-E697-4BC3-8127-E772E67E1C49",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_10a_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "EEBB1DCE-25AA-4F95-984C-5BB5341A90ED",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "98E3E0AF-A341-43BB-91C6-75BBDE695280",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "20AC3991-0E5B-4164-807F-0E270B1867BE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "44F86BEB-77D0-41AF-816C-F73B2D9601FE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "C9C467AA-B1A2-4A2A-8363-623232BCBCA0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "A6E189F6-6623-4A0C-8767-A3CC1C12B759",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "9D6885DD-230B-468B-B936-7512BE80849D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "1476C240-FCB0-43E3-9C79-2264DB6C200A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "9783CA53-CDBD-44F0-B2B9-8C49EBE9FCB4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "481EC1AA-5863-4641-B67F-CD51416ED0EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "402D816A-2650-4743-A386-029C0D063C39",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "56CBE65E-2D5A-4191-A2F4-8AC76050404F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "05587BC2-574F-42B6-A121-7ACFD0691ED5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "76D69B8D-02EE-4E3D-9F54-E94F6DB09D5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "CC772DD6-2814-4EEF-A524-CC752C277337",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_3b:*:*:*:*:*:*",
                     matchCriteriaId: "996C57B4-E8AC-48F6-BA71-328F714B1BAC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "10B82BE2-BE38-4EA7-85D5-AC28FF4F50BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_4b:*:*:*:*:*:*",
                     matchCriteriaId: "D66B18D1-486D-4390-9D1E-5348D1C6729A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_5:*:*:*:*:*:*",
                     matchCriteriaId: "A0EC8ACE-70CA-44FC-ACA7-0868D620C86D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "8D934721-565F-4707-A32A-B7E4BB9D2DD0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_5_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "4AA97D74-290C-47C7-9976-6EF83950C530",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "122E0C17-B29B-44B9-A37E-745B103AD398",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_6_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "AADFD5CE-9C9D-46FF-9871-E2BD7B2C8B98",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_6_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "ECE96EED-C729-4A84-B437-79CCE029C391",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "8BD49264-D243-4625-828C-AF383D826779",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_7_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "FB29FCEC-3DDB-46EE-A7AA-4728E6B9A1D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_7_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "AC4CA2B8-EFD8-4C01-8F9C-E613619062DF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_7a:*:*:*:*:*:*",
                     matchCriteriaId: "0F601F74-593A-4566-A763-EF05E5138FA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_7b:*:*:*:*:*:*",
                     matchCriteriaId: "47D4CC0E-E3F5-49AB-9D92-AC8FFB17A4C0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "8A4CD267-D72A-4F09-BE9B-F008B1804AD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_8_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "24D2EBC6-F894-4C1D-A2FF-B49FF4007ED8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_9:*:*:*:*:*:*",
                     matchCriteriaId: "26D23EE3-0F88-47F7-ADCD-B74F81A08D9B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "FB793686-954A-49F8-BC35-A95325D61303",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "38DDACA8-69A9-4047-AD99-A7DDC320EAD8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "926C0F6A-0599-4239-B1CE-5D864BBAA315",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*",
                     matchCriteriaId: "9DB67FCA-6127-486F-A866-3D5E63B81C35",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "9132AB29-33C1-4825-BAD4-2804C26316B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "68D99613-53A1-4B09-9A78-F8EFA0CC6B01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_10:*:*:*:*:*:*",
                     matchCriteriaId: "7E79B8B4-C9CF-4BD4-A634-6DB5EFCAA1FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "E8FCCFB6-DB7E-4DED-A7E0-1C03087754F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "7ED2051C-FE4F-4C0A-A3BF-E33141DC3250",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "8CFD4017-5B8E-4CAF-B9E5-4A675C11F01A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "40D69E69-DF88-4F8C-A9BD-B642829107E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "4D21A542-15DC-432C-9C60-F7CABE8D4807",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix1a:*:*:*:*:*:*",
                     matchCriteriaId: "1596163B-637A-49F9-B01F-C6CC297F7E5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "0B915FDA-9DCB-43B5-8081-F0690996A3EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "7308FA07-5C6D-41AA-9EE1-EE9BAAB50A1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "5ED407E7-9595-4B4D-9D53-1A4807BA327C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "1EA5B288-54DB-437E-88C2-05F90FF3C918",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "6ED497ED-1588-4CF8-AE83-7CC7BEF8B982",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "A74A3197-68F7-4303-A731-B87A8BF3F831",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "A08FD0FD-E062-4BEC-BE95-0ED2D106826B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "5F6A6F12-4D7A-4FD3-8FD6-C32D797BB810",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "847F9124-F3C6-4C93-9E80-544CB0580C8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "12808B52-8F7D-4EE0-A43E-85A1C70A6BE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "81880B84-5E9D-4B7F-B1D5-1BF8D25DAF5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_5_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "8011D2A7-770B-4AE5-80E6-C762F4F0BB55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "A58603E3-5AFC-4606-8F9E-1B4FF9A9B843",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "BED5F42A-5FFF-43E0-9BAD-A5E6C1110551",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "ABE64339-EF0B-4430-9768-FA7DE82AA61F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "FF79CA67-765A-4CCB-B1CB-EE1FC02CFCFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "A3E71353-9AFF-4B6D-89BC-A2909A7C5DDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "C9C5B57E-7852-4E38-9BDA-864CF6F9DB5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "EAA2E502-FCBC-404D-8FFA-4601F1D5B747",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "650956A6-8DE6-4C16-A77C-2B208B41DF5F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3a:*:*:*:*:*:*",
                     matchCriteriaId: "A49AC0E0-9164-43AD-959A-55FCB7965858",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "C641B881-7379-448A-A785-3381C72F8353",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "03D48963-936B-4A48-8859-A5066A259E03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "9149B850-7196-476A-9A27-DEB85B8C6F19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "10622260-FCBC-4CC0-804E-55D75200FC46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_9:*:*:*:*:*:*",
                     matchCriteriaId: "CF44F7A1-D153-4723-BA45-0FE4E4725C2F",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*",
                     matchCriteriaId: "FFAC3BF9-2443-4C43-B67A-2BB99297D295",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "444DD275-789F-4C07-9D98-BBFAA1640DB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "5B29B708-BD7C-4A6C-9E78-37D045101A17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "1F6EDFA3-9014-4AA7-A17F-DDB1FE96588E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "1DA447CA-A6A2-436C-9909-3F0419B7DD6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "D18E2CD1-AC8E-4ABF-88DE-D3E61A297ED1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "52FC3724-35E5-4C3A-B6BA-3B270EA4255E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "6137BB81-6B48-4DCB-A9F6-A27D869C12FC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.",
      },
      {
         lang: "es",
         value: "ServiceNow ha abordado una vulnerabilidad de validación de entrada que se identificó en las versiones de la plataforma Now de Vancouver y Washington DC. Esta vulnerabilidad podría permitir que un usuario no autenticado ejecute código de forma remota dentro del contexto de Now Platform. ServiceNow aplicó una actualización a las instancias alojadas y ServiceNow lanzó la actualización a nuestros socios y clientes autohospedados. A continuación se enumeran los parches y correcciones urgentes que abordan la vulnerabilidad. Si aún no lo ha hecho, le recomendamos aplicar los parches de seguridad relevantes para su instancia lo antes posible.",
      },
   ],
   id: "CVE-2024-4879",
   lastModified: "2024-11-27T19:07:32.497",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "psirt@servicenow.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV40: [
         {
            cvssData: {
               Automatable: "NOT_DEFINED",
               Recovery: "NOT_DEFINED",
               Safety: "NOT_DEFINED",
               attackComplexity: "LOW",
               attackRequirements: "NONE",
               attackVector: "NETWORK",
               availabilityRequirement: "NOT_DEFINED",
               baseScore: 9.3,
               baseSeverity: "CRITICAL",
               confidentialityRequirement: "NOT_DEFINED",
               exploitMaturity: "NOT_DEFINED",
               integrityRequirement: "NOT_DEFINED",
               modifiedAttackComplexity: "NOT_DEFINED",
               modifiedAttackRequirements: "NOT_DEFINED",
               modifiedAttackVector: "NOT_DEFINED",
               modifiedPrivilegesRequired: "NOT_DEFINED",
               modifiedSubAvailabilityImpact: "NOT_DEFINED",
               modifiedSubConfidentialityImpact: "NOT_DEFINED",
               modifiedSubIntegrityImpact: "NOT_DEFINED",
               modifiedUserInteraction: "NOT_DEFINED",
               modifiedVulnAvailabilityImpact: "NOT_DEFINED",
               modifiedVulnConfidentialityImpact: "NOT_DEFINED",
               modifiedVulnIntegrityImpact: "NOT_DEFINED",
               privilegesRequired: "NONE",
               providerUrgency: "NOT_DEFINED",
               subAvailabilityImpact: "NONE",
               subConfidentialityImpact: "NONE",
               subIntegrityImpact: "NONE",
               userInteraction: "NONE",
               valueDensity: "NOT_DEFINED",
               vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
               version: "4.0",
               vulnAvailabilityImpact: "HIGH",
               vulnConfidentialityImpact: "HIGH",
               vulnIntegrityImpact: "HIGH",
               vulnerabilityResponseEffort: "NOT_DEFINED",
            },
            source: "psirt@servicenow.com",
            type: "Secondary",
         },
      ],
   },
   published: "2024-07-10T17:15:12.117",
   references: [
      {
         source: "psirt@servicenow.com",
         tags: [
            "Permissions Required",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293",
      },
      {
         source: "psirt@servicenow.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154",
      },
      {
         source: "psirt@servicenow.com",
         tags: [
            "Press/Media Coverage",
            "Third Party Advisory",
         ],
         url: "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Press/Media Coverage",
            "Third Party Advisory",
         ],
         url: "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit",
      },
   ],
   sourceIdentifier: "psirt@servicenow.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-1287",
            },
         ],
         source: "psirt@servicenow.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "NVD-CWE-Other",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-10-29 17:15
Modified
2024-11-27 19:32
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
References
psirt@servicenow.comhttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706072Vendor Advisory
Impacted products
Vendor Product Version
servicenow servicenow xanadu
servicenow servicenow xanadu
servicenow servicenow xanadu
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:xanadu:-:*:*:*:*:*:*",
                     matchCriteriaId: "7680E7D1-4508-4A4F-99B9-D7690052F185",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:xanadu:early_availability:*:*:*:*:*:*",
                     matchCriteriaId: "D232F4B4-40DC-4251-92C9-F40D280AEE36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:xanadu:early_availability_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "49E3A571-83E7-4168-ADF6-49AF92F68EC5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*",
                     matchCriteriaId: "9DB67FCA-6127-486F-A866-3D5E63B81C35",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:early_availability:*:*:*:*:*:*",
                     matchCriteriaId: "8702C869-6136-4E0D-9C31-D3F23E9FFEB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:early_availability_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "8B094239-6739-4E69-BFF6-7D2797024D8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:early_availability_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "4D849F84-F4A9-4AF1-99B6-C57C34BDF4F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "9132AB29-33C1-4825-BAD4-2804C26316B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "68D99613-53A1-4B09-9A78-F8EFA0CC6B01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_10:*:*:*:*:*:*",
                     matchCriteriaId: "7E79B8B4-C9CF-4BD4-A634-6DB5EFCAA1FA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_10_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "B348587A-4407-4BC5-B4E0-207A283B66F6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "E8FCCFB6-DB7E-4DED-A7E0-1C03087754F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "7ED2051C-FE4F-4C0A-A3BF-E33141DC3250",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "8CFD4017-5B8E-4CAF-B9E5-4A675C11F01A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "40D69E69-DF88-4F8C-A9BD-B642829107E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "4D21A542-15DC-432C-9C60-F7CABE8D4807",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix1a:*:*:*:*:*:*",
                     matchCriteriaId: "1596163B-637A-49F9-B01F-C6CC297F7E5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "0B915FDA-9DCB-43B5-8081-F0690996A3EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "7308FA07-5C6D-41AA-9EE1-EE9BAAB50A1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "5ED407E7-9595-4B4D-9D53-1A4807BA327C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "1EA5B288-54DB-437E-88C2-05F90FF3C918",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "6ED497ED-1588-4CF8-AE83-7CC7BEF8B982",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "A74A3197-68F7-4303-A731-B87A8BF3F831",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "A08FD0FD-E062-4BEC-BE95-0ED2D106826B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "5F6A6F12-4D7A-4FD3-8FD6-C32D797BB810",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "847F9124-F3C6-4C93-9E80-544CB0580C8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "12808B52-8F7D-4EE0-A43E-85A1C70A6BE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "81880B84-5E9D-4B7F-B1D5-1BF8D25DAF5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_5_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "8011D2A7-770B-4AE5-80E6-C762F4F0BB55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "A58603E3-5AFC-4606-8F9E-1B4FF9A9B843",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "BED5F42A-5FFF-43E0-9BAD-A5E6C1110551",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "ACC24566-0C5A-480D-AA79-19C5E9CE3D70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "ABE64339-EF0B-4430-9768-FA7DE82AA61F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "FF79CA67-765A-4CCB-B1CB-EE1FC02CFCFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "A3E71353-9AFF-4B6D-89BC-A2909A7C5DDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "C9C5B57E-7852-4E38-9BDA-864CF6F9DB5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "EAA2E502-FCBC-404D-8FFA-4601F1D5B747",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "650956A6-8DE6-4C16-A77C-2B208B41DF5F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3a:*:*:*:*:*:*",
                     matchCriteriaId: "A49AC0E0-9164-43AD-959A-55FCB7965858",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3b:*:*:*:*:*:*",
                     matchCriteriaId: "24A4F6D1-2005-43CA-A282-6B532046CC60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "46277115-1A2B-4526-83E8-1446EB5A1EAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "6CDFB167-F252-46A6-A5F6-EF9A4F93FC03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "43DE243B-E90A-4857-A3A6-3A045FE2D75F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "33689F99-48DD-47C6-AFAC-DC5D10785860",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "8F664F1F-5FB2-48B1-93C7-5DF415E673B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "C641B881-7379-448A-A785-3381C72F8353",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "03D48963-936B-4A48-8859-A5066A259E03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "9149B850-7196-476A-9A27-DEB85B8C6F19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "10622260-FCBC-4CC0-804E-55D75200FC46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "629C9A33-02A6-459E-92F2-A815FFA5BC73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_5:*:*:*:*:*:*",
                     matchCriteriaId: "28C0B816-2DE4-4314-8505-8A7F2EB6AE64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_9:*:*:*:*:*:*",
                     matchCriteriaId: "CF44F7A1-D153-4723-BA45-0FE4E4725C2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "F9952FD7-E982-471E-933A-812FB24D7180",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "5143ED1D-7B8A-4167-B76D-3946E9920E3B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "9517E3CB-3473-48B5-942A-E1AC215ECB6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "FDB5D38B-DABC-4FD0-BE1F-6153E6209CE0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_3a:*:*:*:*:*:*",
                     matchCriteriaId: "5BF8DC1F-48AB-4BAD-83F5-2D370AB4E77C",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*",
                     matchCriteriaId: "FFAC3BF9-2443-4C43-B67A-2BB99297D295",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:early_availability:*:*:*:*:*:*",
                     matchCriteriaId: "84206FBF-9BE9-489C-AED6-522029D14091",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:early_availability_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "02C383CA-F10F-44F1-9DAE-0CC6C049B83E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "444DD275-789F-4C07-9D98-BBFAA1640DB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "5B29B708-BD7C-4A6C-9E78-37D045101A17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "1F6EDFA3-9014-4AA7-A17F-DDB1FE96588E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "1DA447CA-A6A2-436C-9909-3F0419B7DD6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "9F263893-6D34-49D6-9407-ED6CB823595E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_3b:*:*:*:*:*:*",
                     matchCriteriaId: "A5BC2E0F-21A6-4AA2-8B4D-C7DEE1D34FC7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "D18E2CD1-AC8E-4ABF-88DE-D3E61A297ED1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "52FC3724-35E5-4C3A-B6BA-3B270EA4255E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "D663C66D-460F-417E-BC40-D2F0D64246BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "6137BB81-6B48-4DCB-A9F6-A27D869C12FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "B06EABB5-0327-4816-AC7B-34D021758812",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "9AE9E970-A457-4D7F-91F0-B7A0956C4115",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "5E117698-641B-4A61-A0A1-5360A6A47EC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "29DC5FC9-2ACF-4C51-93C4-2D0982BA0CA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "F527AEBC-C859-45A2-B9A3-B627B99430AC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "866088B4-F98B-4C76-BE9C-01505DCA0422",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "84A86B15-85A4-43B0-A848-F6BDE6F925D6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "DA24D4D4-9531-4A39-82AB-C559AD956821",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "E038E7CE-F29B-4684-A20A-BD564C2F72D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "9CD5A918-9B71-4CFD-A6DB-437D3B647C6A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "A8CB6895-5EA1-4D97-B563-ED192B4ADA3D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "17D05A6C-5B6B-4DF0-A2A6-D23C05B55FB7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "2514E534-4160-4B28-B4B3-FF8DDDE6F7F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "4533B128-E765-4542-938F-5CF254249C15",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_5:*:*:*:*:*:*",
                     matchCriteriaId: "98E4AFA9-6551-4D22-AFB1-666936DC311D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_6:*:*:*:*:*:*",
                     matchCriteriaId: "F72D90CB-C5EB-4F03-B320-0ACF9397C724",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "AA936070-C32B-4539-A14F-1F6965A01107",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.",
      },
      {
         lang: "es",
         value: "ServiceNow ha solucionado una vulnerabilidad de inyección SQL ciega que se identificó en la plataforma Now. Esta vulnerabilidad podría permitir que un usuario no autenticado extraiga información no autorizada. ServiceNow implementó una actualización en las instancias alojadas y proporcionó la actualización a nuestros socios y clientes alojados por ellos mismos. Además, la vulnerabilidad se soluciona en los parches y correcciones urgentes que se indican.",
      },
   ],
   id: "CVE-2024-8924",
   lastModified: "2024-11-27T19:32:01.823",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "psirt@servicenow.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 7.5,
               baseSeverity: "HIGH",
               confidentialityImpact: "HIGH",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 3.6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV40: [
         {
            cvssData: {
               Automatable: "NOT_DEFINED",
               Recovery: "NOT_DEFINED",
               Safety: "NOT_DEFINED",
               attackComplexity: "LOW",
               attackRequirements: "NONE",
               attackVector: "NETWORK",
               availabilityRequirement: "NOT_DEFINED",
               baseScore: 8.7,
               baseSeverity: "HIGH",
               confidentialityRequirement: "NOT_DEFINED",
               exploitMaturity: "NOT_DEFINED",
               integrityRequirement: "NOT_DEFINED",
               modifiedAttackComplexity: "NOT_DEFINED",
               modifiedAttackRequirements: "NOT_DEFINED",
               modifiedAttackVector: "NOT_DEFINED",
               modifiedPrivilegesRequired: "NOT_DEFINED",
               modifiedSubAvailabilityImpact: "NOT_DEFINED",
               modifiedSubConfidentialityImpact: "NOT_DEFINED",
               modifiedSubIntegrityImpact: "NOT_DEFINED",
               modifiedUserInteraction: "NOT_DEFINED",
               modifiedVulnAvailabilityImpact: "NOT_DEFINED",
               modifiedVulnConfidentialityImpact: "NOT_DEFINED",
               modifiedVulnIntegrityImpact: "NOT_DEFINED",
               privilegesRequired: "NONE",
               providerUrgency: "NOT_DEFINED",
               subAvailabilityImpact: "NONE",
               subConfidentialityImpact: "NONE",
               subIntegrityImpact: "NONE",
               userInteraction: "NONE",
               valueDensity: "NOT_DEFINED",
               vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
               version: "4.0",
               vulnAvailabilityImpact: "NONE",
               vulnConfidentialityImpact: "HIGH",
               vulnIntegrityImpact: "NONE",
               vulnerabilityResponseEffort: "NOT_DEFINED",
            },
            source: "psirt@servicenow.com",
            type: "Secondary",
         },
      ],
   },
   published: "2024-10-29T17:15:04.983",
   references: [
      {
         source: "psirt@servicenow.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706072",
      },
   ],
   sourceIdentifier: "psirt@servicenow.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "psirt@servicenow.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-07-06 18:15
Modified
2024-12-17 13:58
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.
References
psirt@servicenow.comhttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1310230Vendor Advisory
psirt@servicenow.comhttps://www.linkedin.com/in/osamay/Not Applicable
af854a3a-2127-422b-91ae-364da2661108https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1310230Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.linkedin.com/in/osamay/Not Applicable
Impacted products
Vendor Product Version
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow utah


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "71A44062-D94F-4246-A218-33AD4C43C7FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "6A4ABAF4-C84B-4E7B-A156-24640B7D56EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "2855AE65-1B96-4537-BB6E-7659114955EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "63725CBE-34A5-4B9E-BA8E-32E66B89C646",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "8B2DC45C-17A0-4D92-AB29-3497DA43707E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "F2822278-2089-4F78-86EE-D63A9516B5A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "49444E5E-0AB7-4083-8663-089955134AA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "8B5E2C3D-F838-48E0-8135-455AF964221D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "2494C288-83E1-48DF-9661-540B26C9137E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "815997A7-39CB-4C78-B776-54DECE294AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "DE7FDD4B-163B-462A-A80C-454F5040FF90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "FB55D9E6-FD9C-48A8-800D-10C665120792",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:*",
                     matchCriteriaId: "D481F300-EDF4-4E22-B865-F3AAFCE27692",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4b:*:*:*:*:*:*",
                     matchCriteriaId: "311B0413-3771-4CAF-9A14-0726B2923A76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "E74913AB-25EE-4F18-B2FA-5C261D7ADE25",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "5C99222F-B676-471F-8E44-707024B2B097",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "276A7ABE-2437-455C-9C5B-C05CAAC183A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "5719FE4C-B14A-4A68-8C0F-D9BBA8123056",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "2FDD5B2E-8FFF-45A4-BAF4-2091F59ED199",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hottix_3:*:*:*:*:*:*",
                     matchCriteriaId: "6DA812CC-CF9F-4642-873F-8C0F8DEF9534",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7a:*:*:*:*:*:*",
                     matchCriteriaId: "05C37C8D-C08F-49E4-BD57-03B61DA4D3BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7b:*:*:*:*:*:*",
                     matchCriteriaId: "F2371A53-1D57-4508-B18A-4FBA0288CF7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "BB9E765B-C094-4FC4-B9E3-0732F24C10D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_8_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "406329D1-A894-4D98-BCC0-DFAF25B811DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_8_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "BD9DC522-29A8-457F-AC76-9DD53DCDE80E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_9:*:*:*:*:*:*",
                     matchCriteriaId: "9D6F99C1-F264-4592-AD5F-9A7B04F9D7F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_9a:*:*:*:*:*:*",
                     matchCriteriaId: "3CD6BD0F-4AC7-4F01-A29C-C94B50BE3B4C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_9a_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "379C71B7-CEB3-43B0-B48E-062C6622B19C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_9b:*:*:*:*:*:*",
                     matchCriteriaId: "FE62CA6A-14A9-4FB8-80A3-BE8EFF14587B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:*",
                     matchCriteriaId: "4332BE18-DA60-4921-A9DF-C434AB32839B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "09179BB2-B8D4-4FF9-925E-B5B259EFDF4F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "B328AB49-9C8F-4A0E-86C7-76071156EDAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1a:*:*:*:*:*:*",
                     matchCriteriaId: "25F6EDF2-EC52-4821-80A7-1B7DB55CD5FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1b:*:*:*:*:*:*",
                     matchCriteriaId: "634CC5CF-5883-44A9-86D9-7DFEADCB4AC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "F5DD8964-4A2D-4CE8-9C45-58E20DB30964",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "5A964834-0D6A-4E63-8A7A-F4B5DF2C1AAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "EFEE723D-8418-448A-9005-212B8BDB2C05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "487E9543-6417-4915-A884-20C4BF457543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "E9338643-E8E2-494E-841D-A2756A4A8EAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "FDDF1F29-9BF2-4F82-B375-8BC4E38E6D2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "853308FF-6FE0-480E-8B7A-05C4723FB08A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "2AE7A9ED-6C15-436D-8CB5-A557BE6064D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "9972BE30-D7DE-4687-BC1D-867790D281A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "E26FD8E6-C762-4CE1-8B90-7BCBBC372ADA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "F76C3CB6-D1DF-433B-ADA8-E1751DCA4FE7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_4_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "C93D663E-D0B4-4EC0-AD81-4932F96E4621",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_4_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "38A222AD-CBCC-4AF5-B9F1-ABA8447BE504",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_4a:*:*:*:*:*:*",
                     matchCriteriaId: "C3B9F3D7-B59B-489F-B3E2-F003F57A07B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_4a_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "4BB5A2D5-2556-4C7E-BE38-1DD27AF64433",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "5536AF08-999A-44DC-B9FB-C3FE19D7FA82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_5_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "4F3AAC35-A807-4F74-AB08-727DF5AA3AA2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_5_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "AA79BA86-1A6D-4A59-85CB-9E5A807E220D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_5_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "7F5A0D4A-2D44-428D-B571-D224029C77EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "DB5CA109-5DC1-4952-AC15-69FAC332BCA2",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.\n",
      },
   ],
   id: "CVE-2023-1298",
   lastModified: "2024-12-17T13:58:11.560",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@servicenow.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-07-06T18:15:10.497",
   references: [
      {
         source: "psirt@servicenow.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1310230",
      },
      {
         source: "psirt@servicenow.com",
         tags: [
            "Not Applicable",
         ],
         url: "https://www.linkedin.com/in/osamay/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1310230",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Not Applicable",
         ],
         url: "https://www.linkedin.com/in/osamay/",
      },
   ],
   sourceIdentifier: "psirt@servicenow.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@servicenow.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-08-23 19:15
Modified
2024-11-21 07:16
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.
References
cve@mitre.orghttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793Vendor Advisory
Impacted products
Vendor Product Version
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "FB55D9E6-FD9C-48A8-800D-10C665120792",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:*",
                     matchCriteriaId: "D481F300-EDF4-4E22-B865-F3AAFCE27692",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "5C99222F-B676-471F-8E44-707024B2B097",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.",
      },
      {
         lang: "es",
         value: "ServiceNow versiones hasta San Diego Patch 4b y Patch 6, permite un ataque de tipo XSS reflejado en la funcionalidad logout.",
      },
   ],
   id: "CVE-2022-38463",
   lastModified: "2024-11-21T07:16:31.680",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-08-23T19:15:09.853",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-04-10 14:15
Modified
2025-02-07 21:15
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.
References
psirt@servicenow.comhttps://support.servicenow.com/
psirt@servicenow.comhttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1221892
af854a3a-2127-422b-91ae-364da2661108https://support.servicenow.com/
af854a3a-2127-422b-91ae-364da2661108https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1221892
Impacted products
Vendor Product Version
servicenow servicenow quebec
servicenow servicenow quebec
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow utah


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:-:*:*:*:*:*:*",
                     matchCriteriaId: "C5A68765-7406-48CB-965E-6C09A7465CF7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:quebec:patch_10:*:*:*:*:*:*",
                     matchCriteriaId: "8816E561-8E81-4C30-9C48-7836069202D9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "52C8A7D2-F930-4078-9E9D-E48782E46CBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "512C81E4-0C27-42EC-AD05-7563B50EF1DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "A5BBA03C-2A2E-4259-9F8E-99622F6758B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "D609B90C-E67E-461A-8756-36E06E265FF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "2A05F1AF-0E08-4280-A006-A27C917C9E82",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10:*:*:*:*:*:*",
                     matchCriteriaId: "5E3198D2-CC9C-46F7-A366-6C16F3F35439",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "DD0D5C00-C5D2-4E30-BEB7-AA2ACBE68CF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "F5B1C958-54DF-45BE-BD2B-60A44B846971",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "6BE785D2-A5C9-4ED7-968A-C01F257E8514",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "EAA82A56-93C2-47DC-92BA-D2EBF0C19EEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "B4FEEDD5-F852-49AA-BDF9-869040C7F3C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_2_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "763B0915-14EF-4405-AAB6-78B185D5744B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "B053530E-1CB3-4A86-BD4B-569750776A53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "4CF1B2AB-D561-4396-AA99-71FCD55B5D3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "00EE16EE-B759-4BD8-A30B-C952142C860E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "1F157018-E6F2-45D1-8B54-68C051247798",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "88603AEF-0EC2-4006-B7F2-E5FFAC8F354C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "FB5BC2C0-A5CF-455F-A732-E49672B5682E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "66E9CCC4-7BC4-4FC2-8B54-B8746A83256C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "56E7DB16-6ABC-4ED3-99C1-A33914242405",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "55AC0E29-0F51-4D1D-A5EF-AECD29FAE417",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "5DCC0D37-6840-4882-84E1-AE1E83ABF31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "CF53F785-2D19-48FB-9D88-9817785E5082",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "9EAAADE1-5804-44FB-BD9A-881BDA4FE1F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "DC20DB81-AA27-4BE5-9296-2E4E6000F56B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "DECC9979-3A0B-4F36-85D1-DD539A7D18C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7a:*:*:*:*:*:*",
                     matchCriteriaId: "563F3D85-A23A-453F-9932-3044F8B5566C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7b:*:*:*:*:*:*",
                     matchCriteriaId: "3C770579-EDDC-4F46-8288-33A13289A8A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "78447698-90FF-4010-BF0B-3294E2EBB69B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "A32EF135-C229-49B1-8766-1ED6066C7CC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "22E5BA6F-6C66-4589-8AA9-C76776DCFCCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9:*:*:*:*:*:*",
                     matchCriteriaId: "AE93BECE-CC4A-400A-9322-5E61DA5E6A75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "38D3CF30-CAC5-49B1-B527-9C9D24C28A54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9a:*:*:*:*:*:*",
                     matchCriteriaId: "8C48A10D-0295-4023-AB20-0BE4D8AA582A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9b:*:*:*:*:*:*",
                     matchCriteriaId: "0F42AF52-C388-44BB-B328-5E77CF9E4622",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "71A44062-D94F-4246-A218-33AD4C43C7FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "6A4ABAF4-C84B-4E7B-A156-24640B7D56EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "2855AE65-1B96-4537-BB6E-7659114955EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "63725CBE-34A5-4B9E-BA8E-32E66B89C646",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "8B2DC45C-17A0-4D92-AB29-3497DA43707E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "F2822278-2089-4F78-86EE-D63A9516B5A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "49444E5E-0AB7-4083-8663-089955134AA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "8B5E2C3D-F838-48E0-8135-455AF964221D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "2494C288-83E1-48DF-9661-540B26C9137E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "815997A7-39CB-4C78-B776-54DECE294AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "DE7FDD4B-163B-462A-A80C-454F5040FF90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "FB55D9E6-FD9C-48A8-800D-10C665120792",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:*",
                     matchCriteriaId: "D481F300-EDF4-4E22-B865-F3AAFCE27692",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4b:*:*:*:*:*:*",
                     matchCriteriaId: "311B0413-3771-4CAF-9A14-0726B2923A76",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "5C99222F-B676-471F-8E44-707024B2B097",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "276A7ABE-2437-455C-9C5B-C05CAAC183A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "BB9E765B-C094-4FC4-B9E3-0732F24C10D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:*",
                     matchCriteriaId: "4332BE18-DA60-4921-A9DF-C434AB32839B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch1:*:*:*:*:*:*",
                     matchCriteriaId: "9B73C50B-B52A-41E0-9B5B-E84CEA5503B4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*",
                     matchCriteriaId: "69E0078E-1953-4F4F-9D5A-B1A140C4B310",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.\n\n",
      },
   ],
   id: "CVE-2022-39048",
   lastModified: "2025-02-07T21:15:09.980",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "psirt@servicenow.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 6.1,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-04-10T14:15:07.453",
   references: [
      {
         source: "psirt@servicenow.com",
         url: "https://support.servicenow.com/",
      },
      {
         source: "psirt@servicenow.com",
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1221892",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://support.servicenow.com/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1221892",
      },
   ],
   sourceIdentifier: "psirt@servicenow.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
         type: "Secondary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2022-02-10 14:15
Modified
2024-11-21 06:33
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.
References
cve@mitre.orghttp://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.htmlExploit, Third Party Advisory
cve@mitre.orghttps://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/Exploit, Third Party Advisory
cve@mitre.orghttps://www.trustwave.com/en-us/resources/security-resources/security-advisories/Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.htmlExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.trustwave.com/en-us/resources/security-resources/security-advisories/Vendor Advisory
Impacted products
Vendor Product Version
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta
servicenow servicenow jakarta


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p1:*:*:*:*:*:*",
                     matchCriteriaId: "9F98FA32-B3EE-4419-A66F-F3A1F7242AC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p2:*:*:*:*:*:*",
                     matchCriteriaId: "363F62B5-04E6-4DC0-9B29-FF5C5F657555",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p3:*:*:*:*:*:*",
                     matchCriteriaId: "46838B91-6D08-4854-A763-404DC77CBD40",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p3a:*:*:*:*:*:*",
                     matchCriteriaId: "73A8A994-1F40-4432-AB56-BAFC52934A61",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p3b:*:*:*:*:*:*",
                     matchCriteriaId: "21DD3CAE-4DCA-4D3C-9CDD-728B142CE31C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p4:*:*:*:*:*:*",
                     matchCriteriaId: "A617B59B-DFF2-4838-85B0-E130EEF5201F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:jakarta:p5:*:*:*:*:*:*",
                     matchCriteriaId: "B71E3C94-09EE-4BE2-A444-1A7B353F4F96",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.",
      },
      {
         lang: "es",
         value: "El formulario de restablecimiento de la contraseña en ServiceNow Orlando proporciona diferentes respuestas a los intentos de autenticación no válidos dependiendo de si el nombre de usuario se presenta",
      },
   ],
   id: "CVE-2021-45901",
   lastModified: "2024-11-21T06:33:14.100",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "NONE",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 1.4,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2022-02-10T14:15:07.860",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
            "Third Party Advisory",
         ],
         url: "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-203",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2024-10-29 16:15
Modified
2024-11-27 19:31
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Summary
ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
References
psirt@servicenow.comhttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070Vendor Advisory
Impacted products
Vendor Product Version
servicenow servicenow xanadu
servicenow servicenow xanadu
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow washington_dc
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver
servicenow servicenow vancouver


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:xanadu:early_availability:*:*:*:*:*:*",
                     matchCriteriaId: "D232F4B4-40DC-4251-92C9-F40D280AEE36",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:xanadu:early_availability_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "49E3A571-83E7-4168-ADF6-49AF92F68EC5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*",
                     matchCriteriaId: "FFAC3BF9-2443-4C43-B67A-2BB99297D295",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:early_availability:*:*:*:*:*:*",
                     matchCriteriaId: "84206FBF-9BE9-489C-AED6-522029D14091",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:early_availability_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "02C383CA-F10F-44F1-9DAE-0CC6C049B83E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "444DD275-789F-4C07-9D98-BBFAA1640DB3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "5B29B708-BD7C-4A6C-9E78-37D045101A17",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "1F6EDFA3-9014-4AA7-A17F-DDB1FE96588E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "1DA447CA-A6A2-436C-9909-3F0419B7DD6F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "9F263893-6D34-49D6-9407-ED6CB823595E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_3b:*:*:*:*:*:*",
                     matchCriteriaId: "A5BC2E0F-21A6-4AA2-8B4D-C7DEE1D34FC7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "D18E2CD1-AC8E-4ABF-88DE-D3E61A297ED1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "52FC3724-35E5-4C3A-B6BA-3B270EA4255E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "D663C66D-460F-417E-BC40-D2F0D64246BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "6137BB81-6B48-4DCB-A9F6-A27D869C12FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "B06EABB5-0327-4816-AC7B-34D021758812",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "9AE9E970-A457-4D7F-91F0-B7A0956C4115",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "5E117698-641B-4A61-A0A1-5360A6A47EC3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "29DC5FC9-2ACF-4C51-93C4-2D0982BA0CA6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "F527AEBC-C859-45A2-B9A3-B627B99430AC",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*",
                     matchCriteriaId: "9DB67FCA-6127-486F-A866-3D5E63B81C35",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:early_availability:*:*:*:*:*:*",
                     matchCriteriaId: "8702C869-6136-4E0D-9C31-D3F23E9FFEB9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:early_availability_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "8B094239-6739-4E69-BFF6-7D2797024D8D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:early_availability_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "4D849F84-F4A9-4AF1-99B6-C57C34BDF4F8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "9132AB29-33C1-4825-BAD4-2804C26316B1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "68D99613-53A1-4B09-9A78-F8EFA0CC6B01",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "E8FCCFB6-DB7E-4DED-A7E0-1C03087754F5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "7ED2051C-FE4F-4C0A-A3BF-E33141DC3250",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "8CFD4017-5B8E-4CAF-B9E5-4A675C11F01A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "40D69E69-DF88-4F8C-A9BD-B642829107E4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "4D21A542-15DC-432C-9C60-F7CABE8D4807",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix1a:*:*:*:*:*:*",
                     matchCriteriaId: "1596163B-637A-49F9-B01F-C6CC297F7E5B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "0B915FDA-9DCB-43B5-8081-F0690996A3EF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "7308FA07-5C6D-41AA-9EE1-EE9BAAB50A1B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "5ED407E7-9595-4B4D-9D53-1A4807BA327C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "1EA5B288-54DB-437E-88C2-05F90FF3C918",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "6ED497ED-1588-4CF8-AE83-7CC7BEF8B982",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "A74A3197-68F7-4303-A731-B87A8BF3F831",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "A08FD0FD-E062-4BEC-BE95-0ED2D106826B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "5F6A6F12-4D7A-4FD3-8FD6-C32D797BB810",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "847F9124-F3C6-4C93-9E80-544CB0580C8C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "12808B52-8F7D-4EE0-A43E-85A1C70A6BE3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "81880B84-5E9D-4B7F-B1D5-1BF8D25DAF5D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_5_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "8011D2A7-770B-4AE5-80E6-C762F4F0BB55",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "A58603E3-5AFC-4606-8F9E-1B4FF9A9B843",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "BED5F42A-5FFF-43E0-9BAD-A5E6C1110551",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "ACC24566-0C5A-480D-AA79-19C5E9CE3D70",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "ABE64339-EF0B-4430-9768-FA7DE82AA61F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "FF79CA67-765A-4CCB-B1CB-EE1FC02CFCFA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "A3E71353-9AFF-4B6D-89BC-A2909A7C5DDF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "C9C5B57E-7852-4E38-9BDA-864CF6F9DB5A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "EAA2E502-FCBC-404D-8FFA-4601F1D5B747",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "650956A6-8DE6-4C16-A77C-2B208B41DF5F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3a:*:*:*:*:*:*",
                     matchCriteriaId: "A49AC0E0-9164-43AD-959A-55FCB7965858",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3b:*:*:*:*:*:*",
                     matchCriteriaId: "24A4F6D1-2005-43CA-A282-6B532046CC60",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "46277115-1A2B-4526-83E8-1446EB5A1EAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "6CDFB167-F252-46A6-A5F6-EF9A4F93FC03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "43DE243B-E90A-4857-A3A6-3A045FE2D75F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "33689F99-48DD-47C6-AFAC-DC5D10785860",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "8F664F1F-5FB2-48B1-93C7-5DF415E673B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "C641B881-7379-448A-A785-3381C72F8353",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "03D48963-936B-4A48-8859-A5066A259E03",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "9149B850-7196-476A-9A27-DEB85B8C6F19",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "10622260-FCBC-4CC0-804E-55D75200FC46",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "629C9A33-02A6-459E-92F2-A815FFA5BC73",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_5:*:*:*:*:*:*",
                     matchCriteriaId: "28C0B816-2DE4-4314-8505-8A7F2EB6AE64",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_9:*:*:*:*:*:*",
                     matchCriteriaId: "CF44F7A1-D153-4723-BA45-0FE4E4725C2F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "F9952FD7-E982-471E-933A-812FB24D7180",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "5143ED1D-7B8A-4167-B76D-3946E9920E3B",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.",
      },
      {
         lang: "es",
         value: " ServiceNow ha solucionado una vulnerabilidad de validación de entrada que se identificó en Now Platform. Esta vulnerabilidad podría permitir que un usuario no autenticado ejecute código de forma remota dentro del contexto de Now Platform. ServiceNow implementó una actualización en las instancias alojadas y proporcionó la actualización a nuestros socios y clientes alojados por ellos mismos. Además, la vulnerabilidad se soluciona en los parches y correcciones urgentes que se indican.",
      },
   ],
   id: "CVE-2024-8923",
   lastModified: "2024-11-27T19:31:56.417",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 9.8,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 5.9,
            source: "psirt@servicenow.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "HIGH",
               baseScore: 10,
               baseSeverity: "CRITICAL",
               confidentialityImpact: "HIGH",
               integrityImpact: "HIGH",
               privilegesRequired: "NONE",
               scope: "CHANGED",
               userInteraction: "NONE",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
               version: "3.1",
            },
            exploitabilityScore: 3.9,
            impactScore: 6,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
      cvssMetricV40: [
         {
            cvssData: {
               Automatable: "NOT_DEFINED",
               Recovery: "NOT_DEFINED",
               Safety: "NOT_DEFINED",
               attackComplexity: "LOW",
               attackRequirements: "NONE",
               attackVector: "NETWORK",
               availabilityRequirement: "NOT_DEFINED",
               baseScore: 9.3,
               baseSeverity: "CRITICAL",
               confidentialityRequirement: "NOT_DEFINED",
               exploitMaturity: "NOT_DEFINED",
               integrityRequirement: "NOT_DEFINED",
               modifiedAttackComplexity: "NOT_DEFINED",
               modifiedAttackRequirements: "NOT_DEFINED",
               modifiedAttackVector: "NOT_DEFINED",
               modifiedPrivilegesRequired: "NOT_DEFINED",
               modifiedSubAvailabilityImpact: "NOT_DEFINED",
               modifiedSubConfidentialityImpact: "NOT_DEFINED",
               modifiedSubIntegrityImpact: "NOT_DEFINED",
               modifiedUserInteraction: "NOT_DEFINED",
               modifiedVulnAvailabilityImpact: "NOT_DEFINED",
               modifiedVulnConfidentialityImpact: "NOT_DEFINED",
               modifiedVulnIntegrityImpact: "NOT_DEFINED",
               privilegesRequired: "NONE",
               providerUrgency: "NOT_DEFINED",
               subAvailabilityImpact: "NONE",
               subConfidentialityImpact: "NONE",
               subIntegrityImpact: "NONE",
               userInteraction: "NONE",
               valueDensity: "NOT_DEFINED",
               vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
               version: "4.0",
               vulnAvailabilityImpact: "HIGH",
               vulnConfidentialityImpact: "HIGH",
               vulnIntegrityImpact: "HIGH",
               vulnerabilityResponseEffort: "NOT_DEFINED",
            },
            source: "psirt@servicenow.com",
            type: "Secondary",
         },
      ],
   },
   published: "2024-10-29T16:15:06.417",
   references: [
      {
         source: "psirt@servicenow.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070",
      },
   ],
   sourceIdentifier: "psirt@servicenow.com",
   vulnStatus: "Analyzed",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "psirt@servicenow.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-94",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2023-05-23 17:15
Modified
2024-11-21 07:38
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.
References
psirt@servicenow.comhttps://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1262967Vendor Advisory
psirt@servicenow.comhttps://www.linkedin.com/in/osamay/Permissions Required
af854a3a-2127-422b-91ae-364da2661108https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1262967Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.linkedin.com/in/osamay/Permissions Required
Impacted products
Vendor Product Version
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow rome
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow san_diego
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow tokyo
servicenow servicenow utah


To clipboard 

{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:-:*:*:*:*:*:*",
                     matchCriteriaId: "F59FAF00-135F-4AC1-B68E-B6F1ED98ACAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "52C8A7D2-F930-4078-9E9D-E48782E46CBD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "512C81E4-0C27-42EC-AD05-7563B50EF1DD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "2B403376-993D-404D-B75B-A2B634095DD9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "A5BBA03C-2A2E-4259-9F8E-99622F6758B7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "D609B90C-E67E-461A-8756-36E06E265FF0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10:*:*:*:*:*:*",
                     matchCriteriaId: "5E3198D2-CC9C-46F7-A366-6C16F3F35439",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "DD0D5C00-C5D2-4E30-BEB7-AA2ACBE68CF3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "F5B1C958-54DF-45BE-BD2B-60A44B846971",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2a:*:*:*:*:*:*",
                     matchCriteriaId: "6BE785D2-A5C9-4ED7-968A-C01F257E8514",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2b:*:*:*:*:*:*",
                     matchCriteriaId: "2AE0A295-ECDE-4D0A-A104-F1E66F950915",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_3b:*:*:*:*:*:*",
                     matchCriteriaId: "F2A509AC-A984-41D3-9F1D-03428344F1BB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "EAA82A56-93C2-47DC-92BA-D2EBF0C19EEC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "B053530E-1CB3-4A86-BD4B-569750776A53",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "4CF1B2AB-D561-4396-AA99-71FCD55B5D3E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "00EE16EE-B759-4BD8-A30B-C952142C860E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "1F157018-E6F2-45D1-8B54-68C051247798",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "88603AEF-0EC2-4006-B7F2-E5FFAC8F354C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "FB5BC2C0-A5CF-455F-A732-E49672B5682E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_5:*:*:*:*:*:*",
                     matchCriteriaId: "66E9CCC4-7BC4-4FC2-8B54-B8746A83256C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "56E7DB16-6ABC-4ED3-99C1-A33914242405",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "55AC0E29-0F51-4D1D-A5EF-AECD29FAE417",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "5DCC0D37-6840-4882-84E1-AE1E83ABF31B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "CF53F785-2D19-48FB-9D88-9817785E5082",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "9EAAADE1-5804-44FB-BD9A-881BDA4FE1F0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "DECC9979-3A0B-4F36-85D1-DD539A7D18C9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7a:*:*:*:*:*:*",
                     matchCriteriaId: "563F3D85-A23A-453F-9932-3044F8B5566C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_7b:*:*:*:*:*:*",
                     matchCriteriaId: "3C770579-EDDC-4F46-8288-33A13289A8A4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "78447698-90FF-4010-BF0B-3294E2EBB69B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "A32EF135-C229-49B1-8766-1ED6066C7CC8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "22E5BA6F-6C66-4589-8AA9-C76776DCFCCB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9:*:*:*:*:*:*",
                     matchCriteriaId: "AE93BECE-CC4A-400A-9322-5E61DA5E6A75",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "38D3CF30-CAC5-49B1-B527-9C9D24C28A54",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9a:*:*:*:*:*:*",
                     matchCriteriaId: "8C48A10D-0295-4023-AB20-0BE4D8AA582A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:rome:patch_9b:*:*:*:*:*:*",
                     matchCriteriaId: "0F42AF52-C388-44BB-B328-5E77CF9E4622",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:-:*:*:*:*:*:*",
                     matchCriteriaId: "F63300E0-AF0E-44DA-BEC4-D7F560DCE4C4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "71A44062-D94F-4246-A218-33AD4C43C7FF",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "6A4ABAF4-C84B-4E7B-A156-24640B7D56EE",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:*",
                     matchCriteriaId: "2855AE65-1B96-4537-BB6E-7659114955EA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:*",
                     matchCriteriaId: "63725CBE-34A5-4B9E-BA8E-32E66B89C646",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "8B2DC45C-17A0-4D92-AB29-3497DA43707E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "F2822278-2089-4F78-86EE-D63A9516B5A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "49444E5E-0AB7-4083-8663-089955134AA7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "8B5E2C3D-F838-48E0-8135-455AF964221D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "2494C288-83E1-48DF-9661-540B26C9137E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "815997A7-39CB-4C78-B776-54DECE294AA1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "DE7FDD4B-163B-462A-A80C-454F5040FF90",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "FB55D9E6-FD9C-48A8-800D-10C665120792",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:*",
                     matchCriteriaId: "D481F300-EDF4-4E22-B865-F3AAFCE27692",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:*",
                     matchCriteriaId: "5C99222F-B676-471F-8E44-707024B2B097",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7:*:*:*:*:*:*",
                     matchCriteriaId: "276A7ABE-2437-455C-9C5B-C05CAAC183A5",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "5719FE4C-B14A-4A68-8C0F-D9BBA8123056",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "2FDD5B2E-8FFF-45A4-BAF4-2091F59ED199",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7_hottix_3:*:*:*:*:*:*",
                     matchCriteriaId: "6DA812CC-CF9F-4642-873F-8C0F8DEF9534",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7a:*:*:*:*:*:*",
                     matchCriteriaId: "05C37C8D-C08F-49E4-BD57-03B61DA4D3BD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7b:*:*:*:*:*:*",
                     matchCriteriaId: "F2371A53-1D57-4508-B18A-4FBA0288CF7B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_8:*:*:*:*:*:*",
                     matchCriteriaId: "BB9E765B-C094-4FC4-B9E3-0732F24C10D8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_8_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "406329D1-A894-4D98-BCC0-DFAF25B811DC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_8_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "BD9DC522-29A8-457F-AC76-9DD53DCDE80E",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:san_diego:patch_9:*:*:*:*:*:*",
                     matchCriteriaId: "9D6F99C1-F264-4592-AD5F-9A7B04F9D7F3",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:*",
                     matchCriteriaId: "4332BE18-DA60-4921-A9DF-C434AB32839B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1:*:*:*:*:*:*",
                     matchCriteriaId: "09179BB2-B8D4-4FF9-925E-B5B259EFDF4F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "B328AB49-9C8F-4A0E-86C7-76071156EDAA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1a:*:*:*:*:*:*",
                     matchCriteriaId: "25F6EDF2-EC52-4821-80A7-1B7DB55CD5FC",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1b:*:*:*:*:*:*",
                     matchCriteriaId: "634CC5CF-5883-44A9-86D9-7DFEADCB4AC0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2:*:*:*:*:*:*",
                     matchCriteriaId: "F5DD8964-4A2D-4CE8-9C45-58E20DB30964",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "5A964834-0D6A-4E63-8A7A-F4B5DF2C1AAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "EFEE723D-8418-448A-9005-212B8BDB2C05",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "487E9543-6417-4915-A884-20C4BF457543",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "E9338643-E8E2-494E-841D-A2756A4A8EAB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3:*:*:*:*:*:*",
                     matchCriteriaId: "FDDF1F29-9BF2-4F82-B375-8BC4E38E6D2D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_1:*:*:*:*:*:*",
                     matchCriteriaId: "853308FF-6FE0-480E-8B7A-05C4723FB08A",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_2:*:*:*:*:*:*",
                     matchCriteriaId: "2AE7A9ED-6C15-436D-8CB5-A557BE6064D0",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_3:*:*:*:*:*:*",
                     matchCriteriaId: "9972BE30-D7DE-4687-BC1D-867790D281A8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3_hotfix_4:*:*:*:*:*:*",
                     matchCriteriaId: "E26FD8E6-C762-4CE1-8B90-7BCBBC372ADA",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:tokyo:patch_4:*:*:*:*:*:*",
                     matchCriteriaId: "F76C3CB6-D1DF-433B-ADA8-E1751DCA4FE7",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*",
                     matchCriteriaId: "69E0078E-1953-4F4F-9D5A-B1A140C4B310",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.",
      },
   ],
   id: "CVE-2023-1209",
   lastModified: "2024-11-21T07:38:40.413",
   metrics: {
      cvssMetricV31: [
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "NONE",
               privilegesRequired: "NONE",
               scope: "UNCHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.8,
            impactScore: 1.4,
            source: "psirt@servicenow.com",
            type: "Secondary",
         },
         {
            cvssData: {
               attackComplexity: "LOW",
               attackVector: "NETWORK",
               availabilityImpact: "NONE",
               baseScore: 5.4,
               baseSeverity: "MEDIUM",
               confidentialityImpact: "LOW",
               integrityImpact: "LOW",
               privilegesRequired: "LOW",
               scope: "CHANGED",
               userInteraction: "REQUIRED",
               vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
               version: "3.1",
            },
            exploitabilityScore: 2.3,
            impactScore: 2.7,
            source: "nvd@nist.gov",
            type: "Primary",
         },
      ],
   },
   published: "2023-05-23T17:15:08.950",
   references: [
      {
         source: "psirt@servicenow.com",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1262967",
      },
      {
         source: "psirt@servicenow.com",
         tags: [
            "Permissions Required",
         ],
         url: "https://www.linkedin.com/in/osamay/",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1262967",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Permissions Required",
         ],
         url: "https://www.linkedin.com/in/osamay/",
      },
   ],
   sourceIdentifier: "psirt@servicenow.com",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "psirt@servicenow.com",
         type: "Secondary",
      },
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

CVE-2023-1209 (GCVE-0-2023-1209)
Vulnerability from cvelistv5
Published
2023-05-23 16:41
Modified
2025-01-17 17:45
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1262967vendor-advisory
https://www.linkedin.com/in/osamay/x_reporter
Impacted products
Vendor Product Version
ServiceNow ServiceNow Records Version: 0   < Tokyo Patch 5
Version: 0   < Tokyo Patch 4a
Version: 0   < San Diego Patch 10
Version: 0   < San Diego Patch 9a
Version: 0   < Rome Patch 10 Hot Fix 4b
Version: 0   < Utah Patch 1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T05:40:59.882Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1262967",
               },
               {
                  tags: [
                     "x_reporter",
                     "x_transferred",
                  ],
                  url: "https://www.linkedin.com/in/osamay/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-1209",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-17T17:45:41.144892Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-17T17:45:49.612Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "ServiceNow Records",
               vendor: "ServiceNow",
               versions: [
                  {
                     lessThan: "Tokyo Patch 5",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Tokyo Patch 4a",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "San Diego Patch 10",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "San Diego Patch 9a",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Rome Patch 10 Hot Fix 4b",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Utah Patch 1",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "reporter",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Osama Yousef",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.",
                  },
               ],
               value: "Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-05-23T16:41:39.227Z",
            orgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
            shortName: "SN",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1262967",
            },
            {
               tags: [
                  "x_reporter",
               ],
               url: "https://www.linkedin.com/in/osamay/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
      assignerShortName: "SN",
      cveId: "CVE-2023-1209",
      datePublished: "2023-05-23T16:41:28.194Z",
      dateReserved: "2023-03-06T19:57:41.453Z",
      dateUpdated: "2025-01-17T17:45:49.612Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-39048 (GCVE-0-2022-39048)
Vulnerability from cvelistv5
Published
2023-04-10 00:00
Modified
2025-02-07 20:14
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.
References
https://support.servicenow.com/
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1221892
Impacted products
Vendor Product Version
Servicenow Now Platform Version: Tokyo   < Patch 1a
Version: San Diego   < Patch 7b
Version: Rome   < Patch 10 Hotfix 2b
Version: Quebec   < Patch 10 Hotfix 10b
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T11:10:32.338Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.servicenow.com/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1221892",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-39048",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-07T20:13:45.492244Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-79",
                        description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-07T20:14:00.361Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Now Platform",
               vendor: "Servicenow",
               versions: [
                  {
                     changes: [
                        {
                           at: "Patch 2",
                           status: "unaffected",
                        },
                     ],
                     lessThan: "Patch 1a",
                     status: "affected",
                     version: "Tokyo",
                     versionType: "custom",
                  },
                  {
                     changes: [
                        {
                           at: "Patch 9",
                           status: "unaffected",
                        },
                     ],
                     lessThan: "Patch 7b",
                     status: "affected",
                     version: "San Diego",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Patch 10 Hotfix 2b",
                     status: "affected",
                     version: "Rome",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Patch 10 Hotfix 10b",
                     status: "affected",
                     version: "Quebec",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "theamanrawat",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.</p>",
                  },
               ],
               value: "A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross Site Scripting (XSS)",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-18T15:27:13.546Z",
            orgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
            shortName: "SN",
         },
         references: [
            {
               url: "https://support.servicenow.com/",
            },
            {
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1221892",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
      assignerShortName: "SN",
      cveId: "CVE-2022-39048",
      datePublished: "2023-04-10T00:00:00.000Z",
      dateReserved: "2022-08-31T00:00:00.000Z",
      dateUpdated: "2025-02-07T20:14:00.361Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-42704 (GCVE-0-2022-42704)
Vulnerability from cvelistv5
Published
2023-01-12 00:00
Modified
2025-04-09 13:13
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1216141
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:10:41.436Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1216141",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  cvssV3_1: {
                     attackComplexity: "LOW",
                     attackVector: "NETWORK",
                     availabilityImpact: "NONE",
                     baseScore: 5.4,
                     baseSeverity: "MEDIUM",
                     confidentialityImpact: "LOW",
                     integrityImpact: "LOW",
                     privilegesRequired: "LOW",
                     scope: "CHANGED",
                     userInteraction: "REQUIRED",
                     vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                     version: "3.1",
                  },
               },
               {
                  other: {
                     content: {
                        id: "CVE-2022-42704",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-04-09T13:13:34.638992Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-79",
                        description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-04-09T13:13:40.445Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-01-12T00:00:00.000Z",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1216141",
            },
         ],
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-42704",
      datePublished: "2023-01-12T00:00:00.000Z",
      dateReserved: "2022-10-10T00:00:00.000Z",
      dateUpdated: "2025-04-09T13:13:40.445Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2023-1298 (GCVE-0-2023-1298)
Vulnerability from cvelistv5
Published
2023-07-06 17:13
Modified
2024-10-21 21:11
Severity ?
4.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Summary
ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1310230vendor-advisory
https://www.linkedin.com/in/osamay/
Impacted products
Vendor Product Version
ServiceNow Now User Experience Version: 0   < San Diego Patch 10
Version: 0   < Tokyo Patch 4b
Version: 0   < Tokyo Patch 6
Version: 0   < Utah Patch 1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-02T05:40:59.973Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "vendor-advisory",
                     "x_transferred",
                  ],
                  url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1310230",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.linkedin.com/in/osamay/",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2023-1298",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-21T21:06:59.183731Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-21T21:11:09.595Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Now User Experience",
               vendor: "ServiceNow",
               versions: [
                  {
                     lessThan: "San Diego Patch 10",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Tokyo Patch 4b",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Tokyo Patch 6",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Utah Patch 1",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Osama Yousef",
            },
         ],
         datePublic: "2023-07-06T17:15:00.000Z",
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.</span><br>",
                  },
               ],
               value: "ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.\n",
            },
         ],
         impacts: [
            {
               capecId: "CAPEC-63",
               descriptions: [
                  {
                     lang: "en",
                     value: "CAPEC-63",
                  },
               ],
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-07T17:13:15.119Z",
            orgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
            shortName: "SN",
         },
         references: [
            {
               tags: [
                  "vendor-advisory",
               ],
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1310230",
            },
            {
               url: "https://www.linkedin.com/in/osamay/",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
      assignerShortName: "SN",
      cveId: "CVE-2023-1298",
      datePublished: "2023-07-06T17:13:27.552Z",
      dateReserved: "2023-03-09T19:33:01.065Z",
      dateUpdated: "2024-10-21T21:11:09.595Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-46886 (GCVE-0-2022-46886)
Vulnerability from cvelistv5
Published
2023-04-14 00:00
Modified
2025-02-06 21:46
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1219857
Impacted products
Vendor Product Version
ServiceNow ServiceNow Version: Tokyo   < Tokyo Patch 1b
Version: San Diego   < San Diego Patch 7b
Version: Rome   < Rome Patch 10 Hotfix 2b
Version: Quebec   < Quebec Patch 10 Hotfix 10b
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:39:38.636Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1219857",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-46886",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-06T21:46:23.163978Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            problemTypes: [
               {
                  descriptions: [
                     {
                        cweId: "CWE-601",
                        description: "CWE-601 URL Redirection to Untrusted Site ('Open Redirect')",
                        lang: "en",
                        type: "CWE",
                     },
                  ],
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-06T21:46:36.801Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "ServiceNow",
               vendor: "ServiceNow",
               versions: [
                  {
                     changes: [
                        {
                           at: "Tokyo Patch 3",
                           status: "unaffected",
                        },
                     ],
                     lessThan: "Tokyo Patch 1b",
                     status: "affected",
                     version: "Tokyo",
                     versionType: "custom",
                  },
                  {
                     changes: [
                        {
                           at: "San Diego Patch 9",
                           status: "unaffected",
                        },
                     ],
                     lessThan: "San Diego Patch 7b",
                     status: "affected",
                     version: "San Diego",
                     versionType: "custom",
                  },
                  {
                     changes: [
                        {
                           at: "Rome Patch 10 Hotfix 3b",
                           status: "unaffected",
                        },
                     ],
                     lessThan: "Rome Patch 10 Hotfix 2b",
                     status: "affected",
                     version: "Rome",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Quebec Patch 10 Hotfix 10b",
                     status: "affected",
                     version: "Quebec",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "theamanrawat",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.</p>",
                  },
               ],
               value: "There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.\n\n",
            },
         ],
         exploits: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<p>Successful exploitation of this vulnerability potentially could be used to facilitate targeted attacks such as phishing.  This may enable attackers to redirect authenticated users to domains the attackers control and cause the disclosure of sensitive information, like login credentials.</p>",
                  },
               ],
               value: "Successful exploitation of this vulnerability potentially could be used to facilitate targeted attacks such as phishing.  This may enable attackers to redirect authenticated users to domains the attackers control and cause the disclosure of sensitive information, like login credentials.\n\n",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "LOW",
                  baseScore: 5.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "open redirect",
                     lang: "en",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-17T21:53:31.401Z",
            orgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
            shortName: "SN",
         },
         references: [
            {
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1219857",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
      assignerShortName: "SN",
      cveId: "CVE-2022-46886",
      datePublished: "2023-04-14T00:00:00.000Z",
      dateReserved: "2022-12-09T00:00:00.000Z",
      dateUpdated: "2025-02-06T21:46:36.801Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-8924 (GCVE-0-2024-8924)
Vulnerability from cvelistv5
Published
2024-10-29 16:14
Modified
2024-10-31 03:55
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706072
Impacted products
Vendor Product Version
ServiceNow Now Platform Version: 0   < Utah Patch 10b Hot Fix 3
Version: 0   < Vancouver Patch 8 Hot Fix 5
Version: 0   < Vancouver Patch 9 Hot Fix 3b
Version: 0   < Vancouver Patch 10 Hot Fix 2
Version: 0   < Washington DC Patch 4 Hot Fix 2b
Version: 0   < Washington DC Patch 5 Hot Fix 6
Version: 0   < Washington DC Patch 6 Hot Fix 1
Version: 0   < Washington DC Patch 7
Version: 0   < Xanadu Patch 1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:servicenow:servicenow:utah:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "servicenow",
                  vendor: "servicenow",
                  versions: [
                     {
                        lessThan: "Utah Patch 10b Hot Fix 3",
                        status: "affected",
                        version: "Utah",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:servicenow:servicenow:vancouver:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "servicenow",
                  vendor: "servicenow",
                  versions: [
                     {
                        lessThan: "Vancouver Patch 8 Hot Fix 5",
                        status: "affected",
                        version: "Vancouver",
                        versionType: "custom",
                     },
                     {
                        lessThan: "Vancouver Patch 9 Hot Fix 3b",
                        status: "affected",
                        version: "Vancouver",
                        versionType: "custom",
                     },
                     {
                        lessThan: "Vancouver Patch 10 Hot Fix 2",
                        status: "affected",
                        version: "Vancouver",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:servicenow:servicenow:washington_dc:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "servicenow",
                  vendor: "servicenow",
                  versions: [
                     {
                        lessThan: "Washington DC Patch 4 Hot Fix 2b",
                        status: "affected",
                        version: "Washington_DC",
                        versionType: "custom",
                     },
                     {
                        lessThan: "Washington DC Patch 5 Hot Fix 6",
                        status: "affected",
                        version: "Washington_DC",
                        versionType: "custom",
                     },
                     {
                        lessThan: "Washington DC Patch 6 Hot Fix 1",
                        status: "affected",
                        version: "Washington_DC",
                        versionType: "custom",
                     },
                     {
                        lessThan: "Washington DC Patch 7",
                        status: "affected",
                        version: "Washington_DC",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:servicenow:servicenow:xanadu:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "servicenow",
                  vendor: "servicenow",
                  versions: [
                     {
                        lessThan: "Xanadu Patch 1",
                        status: "affected",
                        version: "Xanadu",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-8924",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-30T00:00:00+00:00",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-31T03:55:17.683Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Now Platform",
               vendor: "ServiceNow",
               versions: [
                  {
                     lessThan: "Utah Patch 10b Hot Fix 3",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Vancouver Patch 8 Hot Fix 5",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Vancouver Patch 9 Hot Fix 3b",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Vancouver Patch 10 Hot Fix 2",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 4 Hot Fix 2b",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 5 Hot Fix 6",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 6 Hot Fix 1",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 7",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Xanadu Patch 1",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "T-Mobile",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information.&nbsp;</span><span style=\"background-color: var(--wht);\">ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers.&nbsp;</span><span style=\"background-color: var(--wht);\">Further, the vulnerability is addressed in the listed patches and hot fixes.</span><br>",
                  },
               ],
               value: "ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.",
            },
         ],
         metrics: [
            {
               cvssV4_0: {
                  Automatable: "NOT_DEFINED",
                  Recovery: "NOT_DEFINED",
                  Safety: "NOT_DEFINED",
                  attackComplexity: "LOW",
                  attackRequirements: "NONE",
                  attackVector: "NETWORK",
                  baseScore: 8.7,
                  baseSeverity: "HIGH",
                  privilegesRequired: "NONE",
                  providerUrgency: "NOT_DEFINED",
                  subAvailabilityImpact: "NONE",
                  subConfidentialityImpact: "NONE",
                  subIntegrityImpact: "NONE",
                  userInteraction: "NONE",
                  valueDensity: "NOT_DEFINED",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                  version: "4.0",
                  vulnAvailabilityImpact: "NONE",
                  vulnConfidentialityImpact: "HIGH",
                  vulnIntegrityImpact: "NONE",
                  vulnerabilityResponseEffort: "NOT_DEFINED",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-89",
                     description: "CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-10-29T16:14:38.836Z",
            orgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
            shortName: "SN",
         },
         references: [
            {
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706072",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Unauthenticated Blind SQL Injection in Core Platform",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
      assignerShortName: "SN",
      cveId: "CVE-2024-8924",
      datePublished: "2024-10-29T16:14:38.836Z",
      dateReserved: "2024-09-16T23:37:01.512Z",
      dateUpdated: "2024-10-31T03:55:17.683Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-38463 (GCVE-0-2022-38463)
Vulnerability from cvelistv5
Published
2022-08-23 18:07
Modified
2024-08-03 10:54
Severity ?
Summary
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:54:03.697Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-23T18:07:57",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-38463",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793",
                     refsource: "CONFIRM",
                     url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1156793",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-38463",
      datePublished: "2022-08-23T18:07:57",
      dateReserved: "2022-08-19T00:00:00",
      dateUpdated: "2024-08-03T10:54:03.697Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-4879 (GCVE-0-2024-4879)
Vulnerability from cvelistv5
Published
2024-07-10 16:16
Modified
2025-02-13 17:53
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293x_login-required
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
Impacted products
Vendor Product Version
ServiceNow Now Platform Version: 0   < Utah Patch 10 Hot Fix 3
Version: 0   < Utah Patch 10a Hot Fix 2
Version: 0   < Vancouver Patch 6 Hot Fix 2
Version: 0   < Vancouver Patch 7 Hot Fix 3b
Version: 0   < Vancouver Patch 8 Hot Fix 4
Version: 0   < Vancouver Patch 9
Version: 0   < Vancouver Patch 10
Version: 0   < Washington DC Patch 1 Hot Fix 2b
Version: 0   < Washington DC Patch 2 Hot Fix 2
Version: 0   < Washington DC Patch 3 Hot Fix 1
Version: 0   < Washington DC Patch 4
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "servicenow",
                  vendor: "servicenow",
                  versions: [
                     {
                        lessThan: "utah_patch_10_hot_fix_3",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "utah_patch_10a_hot_fix_2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "vancouver_patch_6_hot_fix_2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "vancouver_patch_7_hot_fix_3b",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "vancouver_patch_8_hot_fix_4",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "vancouver_patch_9",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "vancouver_patch_10",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "washington_dc_patch_1_hot_fix_2b",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "washington_dc_patch_2_hot_fix_2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "washington_dc_patch_3_hot_fix_1",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "washington_dc_patch_4",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-4879",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-29T18:58:02.257329Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2024-07-29",
                        reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
                     },
                     type: "kev",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-29T19:01:07.944Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T20:55:10.283Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154",
               },
               {
                  tags: [
                     "x_login-required",
                     "x_transferred",
                  ],
                  url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Now Platform",
               vendor: "ServiceNow",
               versions: [
                  {
                     lessThan: "Utah Patch 10 Hot Fix 3",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Utah Patch 10a Hot Fix 2",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Vancouver Patch 6 Hot Fix 2",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Vancouver Patch 7 Hot Fix 3b",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Vancouver Patch 8 Hot Fix 4",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Vancouver Patch 9",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Vancouver Patch 10",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 1 Hot Fix 2b",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 2 Hot Fix 2",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 3 Hot Fix 1",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 4",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Adam Kues",
            },
            {
               lang: "en",
               type: "finder",
               value: "Assetnote Attack Surface Management",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\"><span style=\"background-color: rgb(255, 255, 255);\">ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.</span>&nbsp;</span>ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.<div></div>",
                  },
               ],
               value: "ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.",
            },
         ],
         metrics: [
            {
               cvssV4_0: {
                  Automatable: "NOT_DEFINED",
                  Recovery: "NOT_DEFINED",
                  Safety: "NOT_DEFINED",
                  attackComplexity: "LOW",
                  attackRequirements: "NONE",
                  attackVector: "NETWORK",
                  baseScore: 9.3,
                  baseSeverity: "CRITICAL",
                  privilegesRequired: "NONE",
                  providerUrgency: "NOT_DEFINED",
                  subAvailabilityImpact: "NONE",
                  subConfidentialityImpact: "NONE",
                  subIntegrityImpact: "NONE",
                  userInteraction: "NONE",
                  valueDensity: "NOT_DEFINED",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                  version: "4.0",
                  vulnAvailabilityImpact: "HIGH",
                  vulnConfidentialityImpact: "HIGH",
                  vulnIntegrityImpact: "HIGH",
                  vulnerabilityResponseEffort: "NOT_DEFINED",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-1287",
                     description: "CWE-1287 Improper Validation of Specified Type of Input",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-07-29T22:28:49.374Z",
            orgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
            shortName: "SN",
         },
         references: [
            {
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154",
            },
            {
               tags: [
                  "x_login-required",
               ],
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293",
            },
            {
               url: "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Jelly Template Injection Vulnerability in ServiceNow UI Macros",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
      assignerShortName: "SN",
      cveId: "CVE-2024-4879",
      datePublished: "2024-07-10T16:16:39.926Z",
      dateReserved: "2024-05-14T17:39:41.655Z",
      dateUpdated: "2025-02-13T17:53:42.424Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2021-45901 (GCVE-0-2021-45901)
Vulnerability from cvelistv5
Published
2022-02-10 13:59
Modified
2024-08-04 04:54
Severity ?
Summary
The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.
References
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/x_refsource_MISC
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/x_refsource_MISC
http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.htmlx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T04:54:31.164Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-02-16T18:06:23",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2021-45901",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/",
                     refsource: "MISC",
                     url: "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/",
                  },
                  {
                     name: "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/",
                     refsource: "MISC",
                     url: "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/",
                  },
                  {
                     name: "http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html",
                     refsource: "MISC",
                     url: "http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2021-45901",
      datePublished: "2022-02-10T13:59:20",
      dateReserved: "2021-12-27T00:00:00",
      dateUpdated: "2024-08-04T04:54:31.164Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-46389 (GCVE-0-2022-46389)
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2025-02-06 16:01
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1272156
Impacted products
Vendor Product Version
ServiceNow Now Platform Version: Quebec   < Patch 10 Hotfix 11b
Version: Rome   < Patch 10 Hotfix 3b
Version: San Diego   < Patch 9
Version: Tokyo   < Patch 4
Version: Utah   < GA
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T14:31:46.337Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1272156",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-46389",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-02-06T16:01:34.843493Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-02-06T16:01:59.247Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "Now Platform",
               vendor: "ServiceNow",
               versions: [
                  {
                     lessThan: "Patch 10 Hotfix 11b",
                     status: "affected",
                     version: "Quebec",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Patch 10 Hotfix 3b",
                     status: "affected",
                     version: "Rome",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Patch 9",
                     status: "affected",
                     version: "San Diego",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Patch 4",
                     status: "affected",
                     version: "Tokyo",
                     versionType: "custom",
                  },
                  {
                     lessThan: "GA",
                     status: "affected",
                     version: "Utah",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               value: "Bao Bui a.k.a 0xd0ff9 from VNG Security Team",
            },
         ],
         datePublic: "2023-04-07T00:00:00.000Z",
         descriptions: [
            {
               lang: "en",
               value: "There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.1",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-79",
                     description: "CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-04-17T00:00:00.000Z",
            orgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
            shortName: "SN",
         },
         references: [
            {
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1272156",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "Cross-Site Scripting (XSS) vulnerability found on logout functionality",
         x_generator: {
            engine: "Vulnogram 0.0.9",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
      assignerShortName: "SN",
      cveId: "CVE-2022-46389",
      datePublished: "2023-04-17T00:00:00.000Z",
      dateReserved: "2022-12-04T00:00:00.000Z",
      dateUpdated: "2025-02-06T16:01:59.247Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-43684 (GCVE-0-2022-43684)
Vulnerability from cvelistv5
Published
2023-06-13 18:51
Modified
2025-02-13 16:33
Severity ?
9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: * Quebec prior to Patch 10 Hot Fix 8b * Rome prior to Patch 10 Hot Fix 1 * San Diego prior to Patch 7 * Tokyo prior to Tokyo Patch 1; and * Utah prior to Utah General Availability If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303489
http://seclists.org/fulldisclosure/2023/Jul/11
https://news.ycombinator.com/item?id=36638530
https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/
http://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html
Impacted products
Vendor Product Version
ServiceNow Now Platform Version: Quebec   < Patch 10 Hot Fix 8b
Version: Rome   < Patch 10 Hot Fix 1
Version: San Diego   < Patch 7
Version: Tokyo   < Tokyo Patch 1
Version: Utah   < Utah General Availability (GA)
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T13:40:06.227Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303489",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://seclists.org/fulldisclosure/2023/Jul/11",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://news.ycombinator.com/item?id=36638530",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "http://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html",
               },
            ],
            title: "CVE Program Container",
         },
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2022-43684",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "no",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-01-02T20:40:28.652664Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-01-02T20:40:46.154Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Now Platform",
               vendor: "ServiceNow",
               versions: [
                  {
                     lessThan: "Patch 10 Hot Fix 8b",
                     status: "affected",
                     version: "Quebec",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Patch 10 Hot Fix 1",
                     status: "affected",
                     version: "Rome",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Patch 7",
                     status: "affected",
                     version: "San Diego",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Tokyo Patch 1",
                     status: "affected",
                     version: "Tokyo",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Utah General Availability (GA)",
                     status: "affected",
                     version: "Utah",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Luke Symons",
            },
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Tony Wu",
            },
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Eldar Marcussen",
            },
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Gareth Phillips",
            },
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Jeff Thomas",
            },
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Nadeem Salim",
            },
            {
               lang: "en",
               type: "finder",
               user: "00000000-0000-4000-9000-000000000000",
               value: "Stephen Bradshaw",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<div><p>ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.</p></div><p><strong>Additional Details</strong></p><div><p>This issue is present in the following supported ServiceNow releases: </p></div><div><ul><li>Quebec prior to Patch 10 Hot Fix 8b</li><li>Rome prior to Patch 10 Hot Fix 1</li><li>San Diego prior to Patch 7</li><li>Tokyo prior to Tokyo Patch 1; and </li><li>Utah prior to Utah General Availability </li></ul></div><div><p>If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.</p></div>",
                  },
               ],
               value: "ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.\n\n\n\nAdditional Details\n\nThis issue is present in the following supported ServiceNow releases: \n\n\n\n  *  Quebec prior to Patch 10 Hot Fix 8b\n  *  Rome prior to Patch 10 Hot Fix 1\n  *  San Diego prior to Patch 7\n  *  Tokyo prior to Tokyo Patch 1; and \n  *  Utah prior to Utah General Availability \n\n\n\n\nIf this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.",
            },
         ],
         metrics: [
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.9,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2023-07-11T17:06:41.003Z",
            orgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
            shortName: "SN",
         },
         references: [
            {
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303489",
            },
            {
               url: "http://seclists.org/fulldisclosure/2023/Jul/11",
            },
            {
               url: "https://news.ycombinator.com/item?id=36638530",
            },
            {
               url: "https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/",
            },
            {
               url: "http://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html",
            },
         ],
         source: {
            discovery: "EXTERNAL",
         },
         title: "ACL bypass in Reporting functionality",
         x_generator: {
            engine: "Vulnogram 0.1.0-dev",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
      assignerShortName: "SN",
      cveId: "CVE-2022-43684",
      datePublished: "2023-06-13T18:51:39.984Z",
      dateReserved: "2022-10-24T04:08:01.240Z",
      dateUpdated: "2025-02-13T16:33:36.489Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-8923 (GCVE-0-2024-8923)
Vulnerability from cvelistv5
Published
2024-10-29 16:07
Modified
2024-10-31 03:55
Severity ?
9.3 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070
Impacted products
Vendor Product Version
ServiceNow Now Platform Version: 0   < Vancouver Patch 9 Hot Fix 2a
Version: 0   < Vancouver Patch 10
Version: 0   < Washington DC Patch 4 Hot Fix 1a
Version: 0   < Washington DC Patch 5
Version: 0   < Xanadu GA Release
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:servicenow:servicenow:vancouver:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "servicenow",
                  vendor: "servicenow",
                  versions: [
                     {
                        lessThan: "Vancouver Patch 9 Hot Fix 2a",
                        status: "affected",
                        version: "Vancouver",
                        versionType: "custom",
                     },
                     {
                        lessThan: "Vancouver Patch 10",
                        status: "affected",
                        version: "Vancouver",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:servicenow:servicenow:washington_dc:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "servicenow",
                  vendor: "servicenow",
                  versions: [
                     {
                        lessThan: "Washington DC Patch 4 Hot Fix 1a",
                        status: "affected",
                        version: "Washington_DC",
                        versionType: "custom",
                     },
                     {
                        lessThan: "Washington DC Patch 5",
                        status: "affected",
                        version: "Washington_DC",
                        versionType: "custom",
                     },
                  ],
               },
               {
                  cpes: [
                     "cpe:2.3:a:servicenow:servicenow:xanadu:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unknown",
                  product: "servicenow",
                  vendor: "servicenow",
                  versions: [
                     {
                        lessThan: "Xanadu GA Release",
                        status: "affected",
                        version: "Xanadu",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-8923",
                        options: [
                           {
                              Exploitation: "none",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-10-30T00:00:00+00:00",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-10-31T03:55:16.080Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Now Platform",
               vendor: "ServiceNow",
               versions: [
                  {
                     lessThan: "Vancouver Patch 9 Hot Fix 2a",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Vancouver Patch 10",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 4 Hot Fix 1a",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 5",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Xanadu GA Release",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "T-Mobile",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.&nbsp;</span><span style=\"background-color: var(--wht);\">ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers.&nbsp;</span><span style=\"background-color: var(--wht);\">Further, the vulnerability is addressed in the listed patches and hot fixes.</span>",
                  },
               ],
               value: "ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.",
            },
         ],
         metrics: [
            {
               cvssV4_0: {
                  Automatable: "NOT_DEFINED",
                  Recovery: "NOT_DEFINED",
                  Safety: "NOT_DEFINED",
                  attackComplexity: "LOW",
                  attackRequirements: "NONE",
                  attackVector: "NETWORK",
                  baseScore: 9.3,
                  baseSeverity: "CRITICAL",
                  privilegesRequired: "NONE",
                  providerUrgency: "NOT_DEFINED",
                  subAvailabilityImpact: "NONE",
                  subConfidentialityImpact: "NONE",
                  subIntegrityImpact: "NONE",
                  userInteraction: "NONE",
                  valueDensity: "NOT_DEFINED",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                  version: "4.0",
                  vulnAvailabilityImpact: "HIGH",
                  vulnConfidentialityImpact: "HIGH",
                  vulnIntegrityImpact: "HIGH",
                  vulnerabilityResponseEffort: "NOT_DEFINED",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-94",
                     description: "CWE-94 Improper Control of Generation of Code ('Code Injection')",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-10-29T16:23:19.336Z",
            orgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
            shortName: "SN",
         },
         references: [
            {
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Sandbox Escape in Now Platform",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
      assignerShortName: "SN",
      cveId: "CVE-2024-8923",
      datePublished: "2024-10-29T16:07:07.310Z",
      dateReserved: "2024-09-16T23:33:41.375Z",
      dateUpdated: "2024-10-31T03:55:16.080Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2022-38172 (GCVE-0-2022-38172)
Vulnerability from cvelistv5
Published
2022-08-23 18:02
Modified
2024-08-03 10:45
Severity ?
Summary
ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1122640x_refsource_CONFIRM
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T10:45:52.998Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1122640",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-08-23T18:02:07",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1122640",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2022-38172",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1122640",
                     refsource: "CONFIRM",
                     url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1122640",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2022-38172",
      datePublished: "2022-08-23T18:02:07",
      dateReserved: "2022-08-12T00:00:00",
      dateUpdated: "2024-08-03T10:45:52.998Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2024-5217 (GCVE-0-2024-5217)
Vulnerability from cvelistv5
Published
2024-07-10 16:28
Modified
2025-02-13 17:54
Severity ?
9.2 (Critical) - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293x_login-required
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
Impacted products
Vendor Product Version
ServiceNow Now Platform Version: 0   < Utah Patch 10 Hot Fix 3
Version: 0   < Utah Patch 10a Hot Fix 2
Version: 0   < Utah Patch 10b Hot Fix 1
Version: 0   < Vancouver Patch 6 Hot Fix 2
Version: 0   < Vancouver Patch 7 Hot Fix 3b
Version: 0   < Vancouver Patch 8 Hot Fix 4
Version: 0   < Vancouver Patch 9 Hot Fix 1
Version: 0   < Vancouver Patch 10
Version: 0   < Washington DC Patch 1 Hot Fix 3b
Version: 0   < Washington DC Patch 2 Hot Fix 2
Version: 0   < Washington DC Patch 3 Hot Fix 2
Version: 0   < Washington DC Patch 4
Version: 0   < Washington DC Patch 5
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            affected: [
               {
                  cpes: [
                     "cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*",
                  ],
                  defaultStatus: "unaffected",
                  product: "servicenow",
                  vendor: "servicenow",
                  versions: [
                     {
                        lessThan: "utah_patch_10_hot_fix_3",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "utah_patch_10a_hot_fix_2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "utah_patch_10b_hot_fix_1",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "vancouver_patch_6_hot_fix_2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "vancouver_patch_7_hot_fix_3b",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "vancouver_patch_8_hot_fix_4",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "vancouver_patch_9_hot_fix_1",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "vancouver_patch_10",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "washington_dc_patch_1_hot_fix_3b",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "washington_dc_patch_2_hot_fix_2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "washington_dc_patch_3_hot_fix_2",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "washington_dc_patch_4",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                     {
                        lessThan: "washington_dc_patch_5",
                        status: "affected",
                        version: "0",
                        versionType: "custom",
                     },
                  ],
               },
            ],
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2024-5217",
                        options: [
                           {
                              Exploitation: "active",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "total",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2024-07-29T19:00:26.864987Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
               {
                  other: {
                     content: {
                        dateAdded: "2024-07-29",
                        reference: "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json",
                     },
                     type: "kev",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2024-07-29T19:00:29.497Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            title: "CISA ADP Vulnrichment",
         },
         {
            providerMetadata: {
               dateUpdated: "2024-08-01T21:03:11.097Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313",
               },
               {
                  tags: [
                     "x_login-required",
                     "x_transferred",
                  ],
                  url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293",
               },
               {
                  tags: [
                     "x_transferred",
                  ],
                  url: "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               defaultStatus: "unaffected",
               product: "Now Platform",
               vendor: "ServiceNow",
               versions: [
                  {
                     lessThan: "Utah Patch 10 Hot Fix 3",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Utah Patch 10a Hot Fix 2",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Utah Patch 10b Hot Fix 1",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Vancouver Patch 6 Hot Fix 2",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Vancouver Patch 7 Hot Fix 3b",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Vancouver Patch 8 Hot Fix 4",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Vancouver Patch 9 Hot Fix 1",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Vancouver Patch 10",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 1 Hot Fix 3b",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 2 Hot Fix 2",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 3 Hot Fix 2",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 4",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
                  {
                     lessThan: "Washington DC Patch 5",
                     status: "affected",
                     version: "0",
                     versionType: "custom",
                  },
               ],
            },
         ],
         credits: [
            {
               lang: "en",
               type: "finder",
               value: "Adam Kues",
            },
            {
               lang: "en",
               type: "finder",
               value: "Assetnote Attack Surface Management",
            },
         ],
         descriptions: [
            {
               lang: "en",
               supportingMedia: [
                  {
                     base64: false,
                     type: "text/html",
                     value: "<span style=\"background-color: rgb(255, 255, 255);\">ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.</span><br>",
                  },
               ],
               value: "ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.",
            },
         ],
         metrics: [
            {
               cvssV4_0: {
                  Automatable: "NOT_DEFINED",
                  Recovery: "NOT_DEFINED",
                  Safety: "NOT_DEFINED",
                  attackComplexity: "LOW",
                  attackRequirements: "PRESENT",
                  attackVector: "NETWORK",
                  baseScore: 9.2,
                  baseSeverity: "CRITICAL",
                  privilegesRequired: "NONE",
                  providerUrgency: "NOT_DEFINED",
                  subAvailabilityImpact: "NONE",
                  subConfidentialityImpact: "NONE",
                  subIntegrityImpact: "NONE",
                  userInteraction: "NONE",
                  valueDensity: "NOT_DEFINED",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
                  version: "4.0",
                  vulnAvailabilityImpact: "HIGH",
                  vulnConfidentialityImpact: "HIGH",
                  vulnIntegrityImpact: "HIGH",
                  vulnerabilityResponseEffort: "NOT_DEFINED",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
            {
               cvssV3_1: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 9.8,
                  baseSeverity: "CRITICAL",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.1",
               },
               format: "CVSS",
               scenarios: [
                  {
                     lang: "en",
                     value: "GENERAL",
                  },
               ],
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-184",
                     description: "CWE-184 Incomplete List of Disallowed Inputs",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2024-07-29T22:29:22.478Z",
            orgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
            shortName: "SN",
         },
         references: [
            {
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313",
            },
            {
               tags: [
                  "x_login-required",
               ],
               url: "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293",
            },
            {
               url: "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit",
            },
         ],
         source: {
            discovery: "UNKNOWN",
         },
         title: "Incomplete Input Validation in GlideExpression Script",
         x_generator: {
            engine: "Vulnogram 0.2.0",
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "303448ea-6ef3-4077-ad29-5c9bf253c375",
      assignerShortName: "SN",
      cveId: "CVE-2024-5217",
      datePublished: "2024-07-10T16:28:32.649Z",
      dateReserved: "2024-05-22T18:36:08.570Z",
      dateUpdated: "2025-02-13T17:54:06.926Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

CVE-2018-7748 (GCVE-0-2018-7748)
Vulnerability from cvelistv5
Published
2018-08-03 18:00
Modified
2024-08-05 06:37
Severity ?
Summary
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.
References
https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.htmlx_refsource_MISC
https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txtx_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T06:37:59.470Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2018-07-27T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-08-03T17:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2018-7748",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html",
                     refsource: "MISC",
                     url: "https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html",
                  },
                  {
                     name: "https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt",
                     refsource: "MISC",
                     url: "https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2018-7748",
      datePublished: "2018-08-03T18:00:00",
      dateReserved: "2018-03-07T00:00:00",
      dateUpdated: "2024-08-05T06:37:59.470Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}