PT-2023-14286 · Servicenow · Servicenow

Eldar Marcussen +6 · Published 2023-06-13 · Updated 2023-07-11 · CVE-2022-43684

CVSS v3.1: 9.9 Critical
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

ServiceNow versions Quebec prior to Patch 10 Hot Fix 8b
ServiceNow versions Rome prior to Patch 10 Hot Fix 1
ServiceNow versions San Diego prior to Patch 7
ServiceNow versions Tokyo prior to Tokyo Patch 1
ServiceNow versions Utah prior to Utah General Availability

Description

The issue is an Access Control List (ACL) bypass in ServiceNow Core functionality. If successfully exploited, it could allow an authenticated user to obtain sensitive information from tables missing authorization controls.

Recommendations

For ServiceNow Quebec, apply Patch 10 Hot Fix 8b or later to resolve the issue.
For ServiceNow Rome, apply Patch 10 Hot Fix 1 or later to resolve the issue.
For ServiceNow San Diego, apply Patch 7 or later to resolve the issue.
For ServiceNow Tokyo, apply Tokyo Patch 1 or later to resolve the issue.
For ServiceNow Utah, upgrade to Utah General Availability or later to resolve the issue.

Exploit

Fix

Exposure of Resource to Wrong Sphere

Information Disclosure

Weakness Enumeration

Related Identifiers: CVE-2022-43684

Affected Products: Servicenow