Information disclosure in ServiceNow Now Platform

CVE-2022-43684

ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.

Additional Details

This issue is present in the following supported ServiceNow releases:

* Q…

Vulnerability class: Information Disclosure

EPSS: 0.002 (44.2th percentile)

CVSS v3 metric

CVSS v3 base score 9.9 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H.

Affected products

Weakness classification (CWE)

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2022-43684?
CVE-2022-43684 is a critical-severity vulnerability in ServiceNow Now Platform, classified under Information Disclosure. CVSS score: 9.9/10. Published 2023-06-13.
How severe is CVE-2022-43684?
Critical severity. CVSS v3 base score is 9.9 out of 10.
Is CVE-2022-43684 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.