mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
152 lines
6.9 KiB
JSON
152 lines
6.9 KiB
JSON
{
|
|
"data_version": "4.0",
|
|
"data_type": "CVE",
|
|
"data_format": "MITRE",
|
|
"CVE_data_meta": {
|
|
"ID": "CVE-2022-46886",
|
|
"ASSIGNER": "psirt@servicenow.com",
|
|
"STATE": "PUBLIC"
|
|
},
|
|
"description": {
|
|
"description_data": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.\n\n"
|
|
}
|
|
]
|
|
},
|
|
"problemtype": {
|
|
"problemtype_data": [
|
|
{
|
|
"description": [
|
|
{
|
|
"lang": "eng",
|
|
"value": "open redirect"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"affects": {
|
|
"vendor": {
|
|
"vendor_data": [
|
|
{
|
|
"vendor_name": "ServiceNow",
|
|
"product": {
|
|
"product_data": [
|
|
{
|
|
"product_name": "ServiceNow",
|
|
"version": {
|
|
"version_data": [
|
|
{
|
|
"version_value": "not down converted",
|
|
"x_cve_json_5_version_data": {
|
|
"versions": [
|
|
{
|
|
"changes": [
|
|
{
|
|
"at": "Tokyo Patch 3",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"lessThan": "Tokyo Patch 1b",
|
|
"status": "affected",
|
|
"version": "Tokyo",
|
|
"versionType": "custom"
|
|
},
|
|
{
|
|
"changes": [
|
|
{
|
|
"at": "San Diego Patch 9",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"lessThan": "San Diego Patch 7b",
|
|
"status": "affected",
|
|
"version": "San Diego",
|
|
"versionType": "custom"
|
|
},
|
|
{
|
|
"changes": [
|
|
{
|
|
"at": "Rome Patch 10 Hotfix 3b",
|
|
"status": "unaffected"
|
|
}
|
|
],
|
|
"lessThan": "Rome Patch 10 Hotfix 2b",
|
|
"status": "affected",
|
|
"version": "Rome",
|
|
"versionType": "custom"
|
|
},
|
|
{
|
|
"lessThan": "Quebec Patch 10 Hotfix 10b",
|
|
"status": "affected",
|
|
"version": "Quebec",
|
|
"versionType": "custom"
|
|
}
|
|
],
|
|
"defaultStatus": "unaffected"
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"references": {
|
|
"reference_data": [
|
|
{
|
|
"url": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1219857",
|
|
"refsource": "MISC",
|
|
"name": "https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1219857"
|
|
}
|
|
]
|
|
},
|
|
"generator": {
|
|
"engine": "Vulnogram 0.0.9"
|
|
},
|
|
"source": {
|
|
"discovery": "EXTERNAL"
|
|
},
|
|
"exploit": [
|
|
{
|
|
"lang": "en",
|
|
"supportingMedia": [
|
|
{
|
|
"base64": false,
|
|
"type": "text/html",
|
|
"value": "<p>Successful exploitation of this vulnerability potentially could be used to facilitate targeted attacks such as phishing. This may enable attackers to redirect authenticated users to domains the attackers control and cause the disclosure of sensitive information, like login credentials.</p>"
|
|
}
|
|
],
|
|
"value": "Successful exploitation of this vulnerability potentially could be used to facilitate targeted attacks such as phishing. This may enable attackers to redirect authenticated users to domains the attackers control and cause the disclosure of sensitive information, like login credentials.\n\n"
|
|
}
|
|
],
|
|
"credits": [
|
|
{
|
|
"lang": "en",
|
|
"value": "theamanrawat"
|
|
}
|
|
],
|
|
"impact": {
|
|
"cvss": [
|
|
{
|
|
"attackComplexity": "LOW",
|
|
"attackVector": "NETWORK",
|
|
"availabilityImpact": "LOW",
|
|
"baseScore": 5.5,
|
|
"baseSeverity": "MEDIUM",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"privilegesRequired": "LOW",
|
|
"scope": "UNCHANGED",
|
|
"userInteraction": "REQUIRED",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
|
|
"version": "3.1"
|
|
}
|
|
]
|
|
}
|
|
} |