fkie_nvd - fkie_cve-2022-46389

fkie_cve-2022-46389

Vulnerability from fkie_nvd

Published

2023-04-17 22:15

Modified

2024-11-21 07:30

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.

References

▼	URL	Tags
	psirt@servicenow.com	https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1272156	Vendor Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1272156	Vendor Advisory

Impacted products

Vendor	Product	Version
servicenow	servicenow	quebec
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	rome
servicenow	servicenow	san_diego
servicenow	servicenow	san_diego
servicenow	servicenow	san_diego
servicenow	servicenow	san_diego
servicenow	servicenow	san_diego
servicenow	servicenow	san_diego
servicenow	servicenow	san_diego
servicenow	servicenow	san_diego
servicenow	servicenow	san_diego
servicenow	servicenow	san_diego
servicenow	servicenow	san_diego
servicenow	servicenow	san_diego
servicenow	servicenow	san_diego
servicenow	servicenow	san_diego
servicenow	servicenow	san_diego
servicenow	servicenow	tokyo
servicenow	servicenow	tokyo
servicenow	servicenow	tokyo
servicenow	servicenow	tokyo
servicenow	servicenow	tokyo
servicenow	servicenow	tokyo
servicenow	servicenow	tokyo
servicenow	servicenow	utah
servicenow	servicenow	utah
servicenow	servicenow	utah
servicenow	servicenow	utah

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:quebec:-:*:*:*:*:*:*",
              "matchCriteriaId": "C5A68765-7406-48CB-965E-6C09A7465CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:-:*:*:*:*:*:*",
              "matchCriteriaId": "F59FAF00-135F-4AC1-B68E-B6F1ED98ACAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:early_availability:*:*:*:*:*:*",
              "matchCriteriaId": "5C8E54FC-835C-4F34-8514-D0BC8B807594",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:*",
              "matchCriteriaId": "52C8A7D2-F930-4078-9E9D-E48782E46CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1a:*:*:*:*:*:*",
              "matchCriteriaId": "2B403376-993D-404D-B75B-A2B634095DD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1b:*:*:*:*:*:*",
              "matchCriteriaId": "A5BBA03C-2A2E-4259-9F8E-99622F6758B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_10:*:*:*:*:*:*",
              "matchCriteriaId": "5E3198D2-CC9C-46F7-A366-6C16F3F35439",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:*",
              "matchCriteriaId": "EAA82A56-93C2-47DC-92BA-D2EBF0C19EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:*",
              "matchCriteriaId": "B053530E-1CB3-4A86-BD4B-569750776A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:*",
              "matchCriteriaId": "00EE16EE-B759-4BD8-A30B-C952142C860E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1:*:*:*:*:*:*",
              "matchCriteriaId": "1F157018-E6F2-45D1-8B54-68C051247798",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1a:*:*:*:*:*:*",
              "matchCriteriaId": "88603AEF-0EC2-4006-B7F2-E5FFAC8F354C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1b:*:*:*:*:*:*",
              "matchCriteriaId": "FB5BC2C0-A5CF-455F-A732-E49672B5682E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_5:*:*:*:*:*:*",
              "matchCriteriaId": "66E9CCC4-7BC4-4FC2-8B54-B8746A83256C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_6:*:*:*:*:*:*",
              "matchCriteriaId": "5DCC0D37-6840-4882-84E1-AE1E83ABF31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_7:*:*:*:*:*:*",
              "matchCriteriaId": "DC20DB81-AA27-4BE5-9296-2E4E6000F56B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_7a:*:*:*:*:*:*",
              "matchCriteriaId": "563F3D85-A23A-453F-9932-3044F8B5566C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_7b:*:*:*:*:*:*",
              "matchCriteriaId": "3C770579-EDDC-4F46-8288-33A13289A8A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_8:*:*:*:*:*:*",
              "matchCriteriaId": "78447698-90FF-4010-BF0B-3294E2EBB69B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_9:*:*:*:*:*:*",
              "matchCriteriaId": "AE93BECE-CC4A-400A-9322-5E61DA5E6A75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:rome:patch_9a:*:*:*:*:*:*",
              "matchCriteriaId": "8C48A10D-0295-4023-AB20-0BE4D8AA582A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:-:*:*:*:*:*:*",
              "matchCriteriaId": "F63300E0-AF0E-44DA-BEC4-D7F560DCE4C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:*",
              "matchCriteriaId": "71A44062-D94F-4246-A218-33AD4C43C7FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:*",
              "matchCriteriaId": "6A4ABAF4-C84B-4E7B-A156-24640B7D56EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:*",
              "matchCriteriaId": "2855AE65-1B96-4537-BB6E-7659114955EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:*",
              "matchCriteriaId": "63725CBE-34A5-4B9E-BA8E-32E66B89C646",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:*",
              "matchCriteriaId": "8B2DC45C-17A0-4D92-AB29-3497DA43707E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:*",
              "matchCriteriaId": "49444E5E-0AB7-4083-8663-089955134AA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:*",
              "matchCriteriaId": "FB55D9E6-FD9C-48A8-800D-10C665120792",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:*",
              "matchCriteriaId": "D481F300-EDF4-4E22-B865-F3AAFCE27692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_4b:*:*:*:*:*:*",
              "matchCriteriaId": "311B0413-3771-4CAF-9A14-0726B2923A76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_5:*:*:*:*:*:*",
              "matchCriteriaId": "E74913AB-25EE-4F18-B2FA-5C261D7ADE25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:*",
              "matchCriteriaId": "5C99222F-B676-471F-8E44-707024B2B097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7:*:*:*:*:*:*",
              "matchCriteriaId": "276A7ABE-2437-455C-9C5B-C05CAAC183A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_7b:*:*:*:*:*:*",
              "matchCriteriaId": "F2371A53-1D57-4508-B18A-4FBA0288CF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:san_diego:patch_8:*:*:*:*:*:*",
              "matchCriteriaId": "BB9E765B-C094-4FC4-B9E3-0732F24C10D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:*",
              "matchCriteriaId": "4332BE18-DA60-4921-A9DF-C434AB32839B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:early_availability:*:*:*:*:*:*",
              "matchCriteriaId": "F347AF0E-EBED-4FC2-8994-E06891FC8879",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1:*:*:*:*:*:*",
              "matchCriteriaId": "09179BB2-B8D4-4FF9-925E-B5B259EFDF4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1a:*:*:*:*:*:*",
              "matchCriteriaId": "25F6EDF2-EC52-4821-80A7-1B7DB55CD5FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_1b:*:*:*:*:*:*",
              "matchCriteriaId": "634CC5CF-5883-44A9-86D9-7DFEADCB4AC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_2:*:*:*:*:*:*",
              "matchCriteriaId": "F5DD8964-4A2D-4CE8-9C45-58E20DB30964",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:tokyo:patch_3:*:*:*:*:*:*",
              "matchCriteriaId": "FDDF1F29-9BF2-4F82-B375-8BC4E38E6D2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*",
              "matchCriteriaId": "69E0078E-1953-4F4F-9D5A-B1A140C4B310",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:utah:early_availability:*:*:*:*:*:*",
              "matchCriteriaId": "03FE0B52-C7A6-4632-A09E-BE7AB8610DD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:utah:patch_1:*:*:*:*:*:*",
              "matchCriteriaId": "DB5CA109-5DC1-4952-AC15-69FAC332BCA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:servicenow:servicenow:utah:patch_2:*:*:*:*:*:*",
              "matchCriteriaId": "98E3E0AF-A341-43BB-91C6-75BBDE695280",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console."
    }
  ],
  "id": "CVE-2022-46389",
  "lastModified": "2024-11-21T07:30:30.130",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "psirt@servicenow.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-17T22:15:07.840",
  "references": [
    {
      "source": "psirt@servicenow.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1272156"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1272156"
    }
  ],
  "sourceIdentifier": "psirt@servicenow.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "psirt@servicenow.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2022-46389 (GCVE-0-2022-46389)

Vulnerability from cvelistv5

Published

2023-04-17 00:00

Modified

2025-02-06 16:01

Severity ?

6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

References

▼	URL	Tags
	https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1272156

Impacted products

	Vendor	Product	Version
	ServiceNow	Now Platform	Version: Quebec < Patch 10 Hotfix 11b Version: Rome < Patch 10 Hotfix 3b Version: San Diego < Patch 9 Version: Tokyo < Patch 4 Version: Utah < GA

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T14:31:46.337Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1272156"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-46389",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-06T16:01:34.843493Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-06T16:01:59.247Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Now Platform",
          "vendor": "ServiceNow",
          "versions": [
            {
              "lessThan": "Patch 10 Hotfix 11b",
              "status": "affected",
              "version": "Quebec",
              "versionType": "custom"
            },
            {
              "lessThan": "Patch 10 Hotfix 3b",
              "status": "affected",
              "version": "Rome",
              "versionType": "custom"
            },
            {
              "lessThan": "Patch 9",
              "status": "affected",
              "version": "San Diego",
              "versionType": "custom"
            },
            {
              "lessThan": "Patch 4",
              "status": "affected",
              "version": "Tokyo",
              "versionType": "custom"
            },
            {
              "lessThan": "GA",
              "status": "affected",
              "version": "Utah",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Bao Bui a.k.a 0xd0ff9 from VNG Security Team"
        }
      ],
      "datePublic": "2023-04-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-17T00:00:00.000Z",
        "orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
        "shortName": "SN"
      },
      "references": [
        {
          "url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1272156"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "title": "Cross-Site Scripting (XSS) vulnerability found on logout functionality",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
    "assignerShortName": "SN",
    "cveId": "CVE-2022-46389",
    "datePublished": "2023-04-17T00:00:00.000Z",
    "dateReserved": "2022-12-04T00:00:00.000Z",
    "dateUpdated": "2025-02-06T16:01:59.247Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted