CVE-2022-39048

CVSS V2 None CVSS V3 None
Description
A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.
Overview
  • CVE ID
  • CVE-2022-39048
  • Assigner
  • cve@mitre.org
  • Vulnerability Status
  • Modified
  • Published Version
  • 2023-04-10T14:15:07
  • Last Modified Date
  • 2023-04-18T16:15:08
Weakness Enumerations
CWE URL
CWE-79 http://cwe.mitre.org/data/definitions/79.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:servicenow:servicenow:quebec:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:quebec:patch_10:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_1b:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_2:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_1_hotfix_3:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_10:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_10_hotfix_2a:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_2:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_2_hotfix_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_2_hotfix_2:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_3:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_3_hotfix_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_4:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1a:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_4_hotfix_1b:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_5:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_5_hotfix_2:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_6:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_6_hotfix_2:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_7:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_7_hotfix_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_7a:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_7b:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_8:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_8_hotfix_2:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_9:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_9_hotfix_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_9a:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:rome:patch_9b:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1a:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_1_hotfix_1b:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_2:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_2_hotfix_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_2:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_3:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_3_hotfix_4:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_4:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_4a:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_4b:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_6:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_7:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:san_diego:patch_8:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:tokyo:-:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:tokyo:patch1:*:*:*:*:*:* 1 OR
cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://support.servicenow.com Product
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1221892 Vendor Advisory
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-39048
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-39048
History
Created Old Value New Value Data Type Notes
2023-04-17 04:25:36 Added to TrackCVE
2023-04-17 04:25:38 Weakness Enumeration new
2023-04-18 00:00:27 2023-04-17T22:15:07 CVE Modified Date updated
2023-04-18 00:00:27 Analyzed Modified Vulnerability Status updated
2023-04-18 00:00:30 ServiceNow Tokyo allows XSS. XSS vulnerability that was identified in the ServiceNow UI page assessment_redirect.To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and using an authenticated user's browser or session to attack other systems Description updated
2023-04-18 01:00:30 2023-04-18T00:15:07 CVE Modified Date updated
2023-04-18 01:00:30 XSS vulnerability that was identified in the ServiceNow UI page assessment_redirect.To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and using an authenticated user's browser or session to attack other systems A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems. Description updated
2023-04-18 19:00:32 2023-04-18T16:15:08 CVE Modified Date updated