Reflected XSS in ServiceNow Logout Functionality
CVE-2022-38463

6.1MEDIUM

Key Information:

Vendor: Servicenow
Status: Servicenow
Vendor: CVE Published:; 23 August 2022

What is CVE-2022-38463?

ServiceNow has identified a reflected cross-site scripting vulnerability in its logout functionality, affecting users of San Diego Patch 4b and Patch 6. This security issue arises when malicious scripts are executed through the logout process, potentially compromising user data and application integrity. It is essential for users to apply the necessary patches and follow security best practices to mitigate the risks associated with this vulnerability.

References

https://support.servicenow.com/kb?id=kb_article_view&sysp...

x_refsource_CONFIRM

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2022
Vulnerability Reserved
Aug 19, 2022

CVE-2022-38463 Data

JSON

Servicenow

What is CVE-2022-38463?

References

CVSS V3.1

Timeline