Open Redirect Vulnerability in ServiceNow by ServiceNow
CVE-2022-46886

6.1MEDIUM

Key Information:

Vendor: Servicenow
Status: Servicenow
Vendor: CVE Published:; 14 April 2023

Badges

👾 Exploit Exists

What is CVE-2022-46886?

An open redirect vulnerability has been identified in the response list update functionality of ServiceNow. This flaw enables attackers to craft malicious links, leading users from a ServiceNow domain to arbitrary and potentially harmful external domains. This could result in phishing attacks or other security risks, posing a serious threat to user data and overall platform integrity.

Affected Version(s)

ServiceNow Tokyo

ServiceNow San Diego

ServiceNow Rome

References

https://support.servicenow.com/kb?id=kb_article_view&sysp...

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

👾
Exploit known to exist
Feb 6, 2025
Vulnerability published
Apr 14, 2023
Vulnerability Reserved
Dec 9, 2022

Credit

theamanrawat

Servicenow