Lucene search

[email protected]CVE-2019-20768

HistoryMay 05, 2020 - 10:15 p.m.

CVE-2019-20768

2020-05-0522:15:12

CWE-79

[email protected]

web.nvd.nist.gov

servicenow

itsm

xss

incident request

nvd

cve-2019-20768

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.4%

JSON

ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.

Affected configurations

NVD

Node

servicenowit_service_managementMatchkingston-

servicenowit_service_managementMatchkingstonpatch_1

servicenowit_service_managementMatchkingstonpatch_10

servicenowit_service_managementMatchkingstonpatch_10-1

servicenowit_service_managementMatchkingstonpatch_10-2

servicenowit_service_managementMatchkingstonpatch_11

servicenowit_service_managementMatchkingstonpatch_12

servicenowit_service_managementMatchkingstonpatch_12-1

servicenowit_service_managementMatchkingstonpatch_12-2

servicenowit_service_managementMatchkingstonpatch_13

servicenowit_service_managementMatchkingstonpatch_14

servicenowit_service_managementMatchkingstonpatch_14-1

servicenowit_service_managementMatchkingstonpatch_2

servicenowit_service_managementMatchkingstonpatch_3

servicenowit_service_managementMatchkingstonpatch_3-1

servicenowit_service_managementMatchkingstonpatch_3-2

servicenowit_service_managementMatchkingstonpatch_3a-1

servicenowit_service_managementMatchkingstonpatch_4

servicenowit_service_managementMatchkingstonpatch_4-1

servicenowit_service_managementMatchkingstonpatch_4-2

servicenowit_service_managementMatchkingstonpatch_4-4

servicenowit_service_managementMatchkingstonpatch_5

servicenowit_service_managementMatchkingstonpatch_6

servicenowit_service_managementMatchkingstonpatch_6-1

servicenowit_service_managementMatchkingstonpatch_6-2

servicenowit_service_managementMatchkingstonpatch_6-3

servicenowit_service_managementMatchkingstonpatch_6-5

servicenowit_service_managementMatchkingstonpatch_7

servicenowit_service_managementMatchkingstonpatch_7-1

servicenowit_service_managementMatchkingstonpatch_8

servicenowit_service_managementMatchkingstonpatch_8-1

servicenowit_service_managementMatchkingstonpatch_9

servicenowit_service_managementMatchlondon-

servicenowit_service_managementMatchlondonpatch_1

servicenowit_service_managementMatchlondonpatch_1-2

servicenowit_service_managementMatchlondonpatch_1-3

servicenowit_service_managementMatchlondonpatch_2

servicenowit_service_managementMatchlondonpatch_2-2

servicenowit_service_managementMatchlondonpatch_2-4

servicenowit_service_managementMatchlondonpatch_2-5

servicenowit_service_managementMatchlondonpatch_3

servicenowit_service_managementMatchlondonpatch_3-3

servicenowit_service_managementMatchlondonpatch_3-4

servicenowit_service_managementMatchlondonpatch_4

servicenowit_service_managementMatchlondonpatch_4-1

servicenowit_service_managementMatchlondonpatch_4-2

servicenowit_service_managementMatchlondonpatch_4-3

servicenowit_service_managementMatchlondonpatch_4-4

servicenowit_service_managementMatchlondonpatch_4-5

servicenowit_service_managementMatchlondonpatch_4-6

servicenowit_service_managementMatchlondonpatch_5

servicenowit_service_managementMatchlondonpatch_5-1

servicenowit_service_managementMatchlondonpatch_6

servicenowit_service_managementMatchlondonpatch_6-1

servicenowit_service_managementMatchlondonpatch_6a-1

servicenowit_service_managementMatchlondonpatch_6b-1

servicenowit_service_managementMatchlondonpatch_7

servicenowit_service_managementMatchmadrid-

servicenowit_service_managementMatchmadridpatch_0-1

servicenowit_service_managementMatchmadridpatch_1

servicenowit_service_managementMatchmadridpatch_1-1

servicenowit_service_managementMatchmadridpatch_1-2

servicenowit_service_managementMatchmadridpatch_2

servicenowit_service_managementMatchmadridpatch_3

servicenowit_service_managementMatchmadridpatch_3-1

servicenowit_service_managementMatchmadridpatch_3-2

CPENameOperatorVersion
servicenow:it_service_managementservicenow it service managementeqkingston
servicenow:it_service_managementservicenow it service managementeqlondon
servicenow:it_service_managementservicenow it service managementeqmadrid

CPE	Name	Operator	Version
servicenow:it_service_management	servicenow it service management	eq	kingston
servicenow:it_service_management	servicenow it service management	eq	london
servicenow:it_service_management	servicenow it service management	eq	madrid

References

outpost24.com/blog/Responsible-disclosure-Multiple-stored-XSS-vulnerabilities-discovered-in-ServiceNow-ITSM

outpost24.com/blog?tags=307

3.5 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

5.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

5.2 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.4%

JSON

Related for CVE-2019-20768

prion1 cvelist1 nvd1