Description
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.
References
- Exploit, Third Party Advisory
- Third Party Advisory
- Exploit, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1
One of
cpe:2.3:a:servicenow:it_service_management:kingston:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_10:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_10-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_10-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_11:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_12:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_12-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_12-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_13:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_14:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_14-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_3-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_3-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_3a-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_4-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_4-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_4-4:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_6-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_6-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_6-3:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_6-5:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_7-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_8-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:kingston:patch_9:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_1-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_1-3:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_2-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_2-4:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_2-5:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_3-3:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_3-4:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_4-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_4-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_4-3:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_4-4:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_4-5:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_4-6:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_5-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_6-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_6a-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_6b-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:london:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_0-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_1-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_1-2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_3-1:*:*:*:*:*:*
cpe:2.3:a:servicenow:it_service_management:madrid:patch_3-2:*:*:*:*:*:*
EPSS: 0.00206 (percentile: 43%, Low)
CVSS3: 5.4 Medium
CVSS2: 3.5 Low
Weaknesses
CWE-79
Related vulnerabilities
GitHub
more than 3 years ago
ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.
EPSS: 0.00206 (percentile: 43%, Low)
CVSS3: 5.4 Medium
CVSS2: 3.5 Low
Weaknesses
CWE-79