Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

CVE-2022-46389

🗓️ 17 Apr 2023 00:00:00Reported by SNType 
cve
 cve🔗 web.nvd.nist.gov👁 36 Views

There's a reflected XSS in ServiceNow versions below Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA

Related
Detection
Affected
Refs
NVD
Node
servicenowservicenowMatchquebec-
OR
servicenowservicenowMatchrome-
OR
servicenowservicenowMatchromeearly_availability
OR
servicenowservicenowMatchromepatch_1
OR
servicenowservicenowMatchromepatch_1_hotfix_1a
OR
servicenowservicenowMatchromepatch_1_hotfix_1b
OR
servicenowservicenowMatchromepatch_10
OR
servicenowservicenowMatchromepatch_2
OR
servicenowservicenowMatchromepatch_3
OR
servicenowservicenowMatchromepatch_4
OR
servicenowservicenowMatchromepatch_4_hotfix_1
OR
servicenowservicenowMatchromepatch_4_hotfix_1a
OR
servicenowservicenowMatchromepatch_4_hotfix_1b
OR
servicenowservicenowMatchromepatch_5
OR
servicenowservicenowMatchromepatch_6
OR
servicenowservicenowMatchromepatch_7
OR
servicenowservicenowMatchromepatch_7a
OR
servicenowservicenowMatchromepatch_7b
OR
servicenowservicenowMatchromepatch_8
OR
servicenowservicenowMatchromepatch_9
OR
servicenowservicenowMatchromepatch_9a
OR
servicenowservicenowMatchsan_diego-
OR
servicenowservicenowMatchsan_diegopatch_1
OR
servicenowservicenowMatchsan_diegopatch_1_hotfix_1
OR
servicenowservicenowMatchsan_diegopatch_1_hotfix_1a
OR
servicenowservicenowMatchsan_diegopatch_1_hotfix_1b
OR
servicenowservicenowMatchsan_diegopatch_2
OR
servicenowservicenowMatchsan_diegopatch_3
OR
servicenowservicenowMatchsan_diegopatch_4
OR
servicenowservicenowMatchsan_diegopatch_4a
OR
servicenowservicenowMatchsan_diegopatch_4b
OR
servicenowservicenowMatchsan_diegopatch_5
OR
servicenowservicenowMatchsan_diegopatch_6
OR
servicenowservicenowMatchsan_diegopatch_7
OR
servicenowservicenowMatchsan_diegopatch_7b
OR
servicenowservicenowMatchsan_diegopatch_8
OR
servicenowservicenowMatchtokyo-
OR
servicenowservicenowMatchtokyoearly_availability
OR
servicenowservicenowMatchtokyopatch_1
OR
servicenowservicenowMatchtokyopatch_1a
OR
servicenowservicenowMatchtokyopatch_1b
OR
servicenowservicenowMatchtokyopatch_2
OR
servicenowservicenowMatchtokyopatch_3
OR
servicenowservicenowMatchutah-
OR
servicenowservicenowMatchutahearly_availability
OR
servicenowservicenowMatchutahpatch_1
OR
servicenowservicenowMatchutahpatch_2
[
  {
    "vendor": "ServiceNow",
    "product": "Now Platform",
    "versions": [
      {
        "version": "Quebec",
        "status": "affected",
        "lessThan": "Patch 10 Hotfix 11b",
        "versionType": "custom"
      },
      {
        "version": "Rome",
        "status": "affected",
        "lessThan": "Patch 10 Hotfix 3b",
        "versionType": "custom"
      },
      {
        "version": "San Diego",
        "status": "affected",
        "lessThan": "Patch 9",
        "versionType": "custom"
      },
      {
        "version": "Tokyo",
        "status": "affected",
        "lessThan": "Patch 4",
        "versionType": "custom"
      },
      {
        "version": "Utah",
        "status": "affected",
        "lessThan": "GA",
        "versionType": "custom"
      }
    ]
  }
]

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Nov 2024 07:30Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.16.1
EPSS0.00677
SSVC
CWE-79
cve-2022-46389reflected xssservicenowsecurity vulnerabilitynvdremote code executionjavascript
36