6.1

CVE-2022-46886

There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.

Data is provided by the National Vulnerability Database (NVD)
Servicenow Servicenow Version quebec Update -
Servicenow Servicenow Version quebec Update patch_10
Servicenow Servicenow Version rome Update patch_1
Servicenow Servicenow Version rome Update patch_1_hotfix_1
Servicenow Servicenow Version rome Update patch_1_hotfix_1b
Servicenow Servicenow Version rome Update patch_1_hotfix_2
Servicenow Servicenow Version rome Update patch_1_hotfix_3
Servicenow Servicenow Version rome Update patch_10
Servicenow Servicenow Version rome Update patch_10_hotfix_1
Servicenow Servicenow Version rome Update patch_10_hotfix_2
Servicenow Servicenow Version rome Update patch_10_hotfix_2a
Servicenow Servicenow Version rome Update patch_2
Servicenow Servicenow Version rome Update patch_2_hotfix_1
Servicenow Servicenow Version rome Update patch_2_hotfix_2
Servicenow Servicenow Version rome Update patch_3
Servicenow Servicenow Version rome Update patch_3_hotfix_1
Servicenow Servicenow Version rome Update patch_4
Servicenow Servicenow Version rome Update patch_4_hotfix_1
Servicenow Servicenow Version rome Update patch_4_hotfix_1a
Servicenow Servicenow Version rome Update patch_4_hotfix_1b
Servicenow Servicenow Version rome Update patch_5
Servicenow Servicenow Version rome Update patch_5_hotfix_1
Servicenow Servicenow Version rome Update patch_5_hotfix_2
Servicenow Servicenow Version rome Update patch_6
Servicenow Servicenow Version rome Update patch_6_hotfix_1
Servicenow Servicenow Version rome Update patch_6_hotfix_2
Servicenow Servicenow Version rome Update patch_7
Servicenow Servicenow Version rome Update patch_7_hotfix_1
Servicenow Servicenow Version rome Update patch_7a
Servicenow Servicenow Version rome Update patch_7b
Servicenow Servicenow Version rome Update patch_8
Servicenow Servicenow Version rome Update patch_8_hotfix_1
Servicenow Servicenow Version rome Update patch_8_hotfix_2
Servicenow Servicenow Version rome Update patch_9
Servicenow Servicenow Version rome Update patch_9_hotfix_1
Servicenow Servicenow Version rome Update patch_9a
Servicenow Servicenow Version rome Update patch_9b
Servicenow Servicenow Version san_diego Update patch_1
Servicenow Servicenow Version san_diego Update patch_1_hotfix_1
Servicenow Servicenow Version san_diego Update patch_1_hotfix_1a
Servicenow Servicenow Version san_diego Update patch_1_hotfix_1b
Servicenow Servicenow Version san_diego Update patch_2
Servicenow Servicenow Version san_diego Update patch_2_hotfix_1
Servicenow Servicenow Version san_diego Update patch_3
Servicenow Servicenow Version san_diego Update patch_3_hotfix_1
Servicenow Servicenow Version san_diego Update patch_3_hotfix_2
Servicenow Servicenow Version san_diego Update patch_3_hotfix_3
Servicenow Servicenow Version san_diego Update patch_3_hotfix_4
Servicenow Servicenow Version san_diego Update patch_4
Servicenow Servicenow Version san_diego Update patch_4a
Servicenow Servicenow Version san_diego Update patch_4b
Servicenow Servicenow Version san_diego Update patch_6
Servicenow Servicenow Version san_diego Update patch_7
Servicenow Servicenow Version san_diego Update patch_8
Servicenow Servicenow Version tokyo Update -
Servicenow Servicenow Version tokyo Update patch1
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.11% 0.3
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.1 2.8 2.7 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
psirt@servicenow.com 5.5 2.1 3.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.