ACL bypass in Reporting functionality
CVE-2022-43684

6.5MEDIUM

Key Information:

Vendor: Servicenow
Status: Now Platform
Vendor: CVE Published:; 13 June 2023

Badges

👾 Exploit Exists

What is CVE-2022-43684?

An Access Control List (ACL) bypass vulnerability exists in ServiceNow's core functionality, affecting several releases. If exploited, this vulnerability allows authenticated users to access sensitive information from tables that lack proper authorization controls. The issue has been addressed through patches and upgrades provided by ServiceNow, targeting specific versions in the Quebec, Rome, San Diego, Tokyo, and Utah release series. It is crucial for organizations using these versions to apply the necessary updates to secure their data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Now Platform Quebec

Now Platform Rome

Now Platform San Diego

References

https://support.servicenow.com/kb?id=kb_article_view&sysp...

http://seclists.org/fulldisclosure/2023/Jul/11

https://news.ycombinator.com/item?id=36638530

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

👾
Exploit known to exist
Jul 5, 2023
Vulnerability published
Jun 13, 2023
Vulnerability Reserved
Oct 24, 2022

Credit

Luke Symons

Tony Wu

Eldar Marcussen

Gareth Phillips

Jeff Thomas

Nadeem Salim

Stephen Bradshaw

JSON

Servicenow