Reflected XSS in ServiceNow Logout Functionality
CVE-2022-38463

6.1MEDIUM

Key Information:

Vendor: Servicenow
Status: Servicenow
Vendor: CVE Published:; 23 August 2022

What is CVE-2022-38463?

ServiceNow has identified a reflected cross-site scripting vulnerability in its logout functionality, affecting users of San Diego Patch 4b and Patch 6. This security issue arises when malicious scripts are executed through the logout process, potentially compromising user data and application integrity. It is essential for users to apply the necessary patches and follow security best practices to mitigate the risks associated with this vulnerability.

References

https://support.servicenow.com/kb?id=kb_article_view&sysp...

x_refsource_CONFIRM

EPSS Score

55% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Aug 23, 2022
Vulnerability Reserved
Aug 19, 2022

Servicenow

What is CVE-2022-38463?

References

EPSS Score

CVSS V3.1

Timeline