CVE-2021-45901

Опубликовано: 10 фев. 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Средний

Описание

The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.

Ссылки

http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html
Exploit
Third Party Advisory
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/
Exploit
Third Party Advisory
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/
Vendor Advisory
http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html
Exploit
Third Party Advisory
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/
Exploit
Third Party Advisory
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:servicenow:servicenow:jakarta:p1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:jakarta:p2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:jakarta:p3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:jakarta:p3a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:jakarta:p3b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:jakarta:p4:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:jakarta:p5:*:*:*:*:*:*

EPSS

Процентиль: 95%

0.19686

Средний

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

GHSA-h956-vg6m-c6mm

github

почти 4 года назад