CVE-2022-46886

Summary

There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.

Affected Software

VendorProductVersion RangeStatus
ServiceNowServiceNowTokyo < Tokyo Patch 1baffected
ServiceNowServiceNowSan Diego < San Diego Patch 7baffected
ServiceNowServiceNowRome < Rome Patch 10 Hotfix 2baffected
ServiceNowServiceNowQuebec < Quebec Patch 10 Hotfix 10baffected

Weaknesses

  • open redirect

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References