CVE-2022-39048
6.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Servicenow | Now Platform | Tokyo < Patch 1a | affected |
| Servicenow | Now Platform | San Diego < Patch 7b | affected |
| Servicenow | Now Platform | Rome < Patch 10 Hotfix 2b | affected |
| Servicenow | Now Platform | Quebec < Patch 10 Hotfix 10b | affected |
Weaknesses
- Cross Site Scripting (XSS)
ADP Enrichment
CVE Program Container
Additional References
- https://support.servicenow.com/
- https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1221892
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://support.servicenow.com/
- https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1221892
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.