9.9
CVE-2022-43684
- EPSS 0.2%
- Published 13.06.2023 19:15:09
- Last modified 13.02.2025 17:15:46
- Source psirt@servicenow.com
ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.

Additional Details

This issue is present in the following supported ServiceNow releases:

- Quebec prior to Patch 10 Hot Fix 8b
- Rome prior to Patch 10 Hot Fix 1
- San Diego prior to Patch 7
- Tokyo prior to Tokyo Patch 1; and
- Utah prior to Utah General Availability

If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.

Data provided by the National Vulnerability Database (NVD)
Servicenow ≫ Servicenow Version: quebec Update: patch_1_hotfix_1
Servicenow ≫ Servicenow Version: quebec Update: patch_10
Servicenow ≫ Servicenow Version: quebec Update: patch_10_hotfix_3
Servicenow ≫ Servicenow Version: quebec Update: patch_10_hotfix_3a
Servicenow ≫ Servicenow Version: quebec Update: patch_10_hotfix_3b
Servicenow ≫ Servicenow Version: quebec Update: patch_10_hotfix_4
Servicenow ≫ Servicenow Version: quebec Update: patch_2
Servicenow ≫ Servicenow Version: quebec Update: patch_2_hotfix_1
Servicenow ≫ Servicenow Version: quebec Update: patch_2_hotfix_2
Servicenow ≫ Servicenow Version: quebec Update: patch_3
Servicenow ≫ Servicenow Version: quebec Update: patch_4
Servicenow ≫ Servicenow Version: quebec Update: patch_4_hotfix_2
Servicenow ≫ Servicenow Version: quebec Update: patch_5
Servicenow ≫ Servicenow Version: quebec Update: patch_6
Servicenow ≫ Servicenow Version: quebec Update: patch_7
Servicenow ≫ Servicenow Version: quebec Update: patch_8
Servicenow ≫ Servicenow Version: quebec Update: patch_9
Servicenow ≫ Servicenow Version: rome Update: patch_1
Servicenow ≫ Servicenow Version: rome Update: patch_1_hotfix_1
Servicenow ≫ Servicenow Version: rome Update: patch_1_hotfix_1a
Servicenow ≫ Servicenow Version: rome Update: patch_1_hotfix_1b
Servicenow ≫ Servicenow Version: rome Update: patch_1_hotfix_2
Servicenow ≫ Servicenow Version: rome Update: patch_1_hotfix_3
Servicenow ≫ Servicenow Version: rome Update: patch_10
Servicenow ≫ Servicenow Version: rome Update: patch_2
Servicenow ≫ Servicenow Version: rome Update: patch_2_hotfix_1
Servicenow ≫ Servicenow Version: rome Update: patch_2_hotfix_2
Servicenow ≫ Servicenow Version: rome Update: patch_3
Servicenow ≫ Servicenow Version: rome Update: patch_3_hotfix_1
Servicenow ≫ Servicenow Version: rome Update: patch_4
Servicenow ≫ Servicenow Version: rome Update: patch_4_hotfix_1
Servicenow ≫ Servicenow Version: rome Update: patch_4_hotfix_1a
Servicenow ≫ Servicenow Version: rome Update: patch_4_hotfix_1b
Servicenow ≫ Servicenow Version: rome Update: patch_5
Servicenow ≫ Servicenow Version: rome Update: patch_5_hotfix_1
Servicenow ≫ Servicenow Version: rome Update: patch_5_hotfix_2
Servicenow ≫ Servicenow Version: rome Update: patch_6
Servicenow ≫ Servicenow Version: rome Update: patch_6_hotfix_1
Servicenow ≫ Servicenow Version: rome Update: patch_6_hotfix_2
Servicenow ≫ Servicenow Version: rome Update: patch_7
Servicenow ≫ Servicenow Version: rome Update: patch_7_hotfix_1
Servicenow ≫ Servicenow Version: rome Update: patch_7a
Servicenow ≫ Servicenow Version: rome Update: patch_7b
Servicenow ≫ Servicenow Version: rome Update: patch_8
Servicenow ≫ Servicenow Version: rome Update: patch_8_hotfix_1
Servicenow ≫ Servicenow Version: rome Update: patch_8_hotfix_2
Servicenow ≫ Servicenow Version: rome Update: patch_9
Servicenow ≫ Servicenow Version: rome Update: patch_9_hotfix_1
Servicenow ≫ Servicenow Version: rome Update: patch_9a
Servicenow ≫ Servicenow Version: rome Update: patch_9b
Servicenow ≫ Servicenow Version: san_diego Update: patch_1
Servicenow ≫ Servicenow Version: san_diego Update: patch_1_hotfix_1
Servicenow ≫ Servicenow Version: san_diego Update: patch_1_hotfix_1a
Servicenow ≫ Servicenow Version: san_diego Update: patch_1_hotfix_1b
Servicenow ≫ Servicenow Version: san_diego Update: patch_10_hotfix_1
Servicenow ≫ Servicenow Version: san_diego Update: patch_10_hotfix_1a
Servicenow ≫ Servicenow Version: san_diego Update: patch_10_hotfix_1b
Servicenow ≫ Servicenow Version: san_diego Update: patch_10_hotfix_2
Servicenow ≫ Servicenow Version: san_diego Update: patch_10_hotfix_2b
Servicenow ≫ Servicenow Version: san_diego Update: patch_2
Servicenow ≫ Servicenow Version: san_diego Update: patch_2_hotfix_1
Servicenow ≫ Servicenow Version: san_diego Update: patch_3
Servicenow ≫ Servicenow Version: san_diego Update: patch_3_hotfix_1
Servicenow ≫ Servicenow Version: san_diego Update: patch_3_hotfix_2
Servicenow ≫ Servicenow Version: san_diego Update: patch_3_hotfix_3
Servicenow ≫ Servicenow Version: san_diego Update: patch_3_hotfix_4
Servicenow ≫ Servicenow Version: san_diego Update: patch_4
Servicenow ≫ Servicenow Version: san_diego Update: patch_4a
Servicenow ≫ Servicenow Version: san_diego Update: patch_4b
Servicenow ≫ Servicenow Version: san_diego Update: patch_5
Servicenow ≫ Servicenow Version: san_diego Update: patch_6
Servicenow ≫ Servicenow Version: tokyo Update: -
Servicenow ≫ Servicenow Version: utah Update: -

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.2% | 0.414 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| psirt@servicenow.com | 9.9 | 3.1 | 6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-668 Exposure of Resource to Wrong Sphere
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.