ID CVE-2022-43684
Summary ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.
Additional Details This issue is present in the following supported ServiceNow releases:
  • Quebec prior to Patch 10 Hot Fix 8b
  • Rome prior to Patch 10 Hot Fix 1
  • San Diego prior to Patch 7
  • Tokyo prior to Tokyo Patch 1; and
  • Utah prior to Utah General Availability
If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.
Vulnerable Configurations
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_10:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1b:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_2:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_3:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_2_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_2_hotfix_2:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_3_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1a:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1b:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_5:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_2:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_6:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_7:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_2:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_7_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_7a:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_7b:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_8:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_2:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_9:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_9a:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_9b:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_9_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_10:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_4b:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_5:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1a:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_1_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_2:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_2_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_2_hotfix_2:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_3:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_4:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_4_hotfix_2:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_5:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_6:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_7:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_8:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_9:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_10_hotfix_3:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_10_hotfix_3a:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_10_hotfix_3b:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:quebec:patch_10_hotfix_4:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_1:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_1a:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_1b:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_2:*:*:*:*:*:*
  • cpe:2.3:a:servicenow:servicenow:san_diego:patch_10_hotfix_2b:*:*:*:*:*:*
CVSS
Base: None
CWE CWE-668
Last major update 11-07-2023 - 18:15
Published 13-06-2023 - 19:15
Last modified 11-07-2023 - 18:15