PT-2023-14925 · ServiceNow · ServiceNow
Published 2023-04-17 · Updated 2023-04-27 · CVE-2022-46389
CVSS v3.1: 6.1 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
ServiceNow versions prior to Quebec Patch 10 Hotfix 11b
ServiceNow versions prior to Rome Patch 10 Hotfix 3b
ServiceNow versions prior to San Diego Patch 9
ServiceNow versions prior to Tokyo Patch 4
ServiceNow versions prior to Utah GA
Description
The issue is related to a reflected XSS within the logout functionality. This allows an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.
Recommendations
For versions prior to Quebec Patch 10 Hotfix 11b, update to Quebec Patch 10 Hotfix 11b or later.
For versions prior to Rome Patch 10 Hotfix 3b, update to Rome Patch 10 Hotfix 3b or later.
For versions prior to San Diego Patch 9, update to San Diego Patch 9 or later.
For versions prior to Tokyo Patch 4, update to Tokyo Patch 4 or later.
For versions prior to Utah GA, update to Utah GA or later.
Fix
XSS
Affected Products
ServiceNow