CVE-2022-46886
5.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Summary
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ServiceNow | ServiceNow | Tokyo < Tokyo Patch 1b | affected |
| ServiceNow | ServiceNow | San Diego < San Diego Patch 7b | affected |
| ServiceNow | ServiceNow | Rome < Rome Patch 10 Hotfix 2b | affected |
| ServiceNow | ServiceNow | Quebec < Quebec Patch 10 Hotfix 10b | affected |
Weaknesses
- open redirect
ADP Enrichment
CVE Program Container
Additional References
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.