What is CVE-2022-46389?

CVE-2022-46389 is a medium-severity vulnerability in Servicenow Now Platform, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2023-04-17.

How severe is CVE-2022-46389?

Medium severity. CVSS v3 base score is 6.1 out of 10.

XSS in Servicenow Now Platform

CVE-2022-46389

There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attac…

Vulnerability class: XSS (Cross-Site Scripting)

EPSS: 0.007 (71.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Affected products

Servicenow Now Platform — versions Quebec, Rome, San Diego

Weakness classification (CWE)

CWE-79 — Cross-site Scripting

References

support.servicenow.com/kb

Frequently asked questions

What is CVE-2022-46389?: CVE-2022-46389 is a medium-severity vulnerability in Servicenow Now Platform, classified under Cross-site Scripting. CVSS score: 6.1/10. Published 2023-04-17.
How severe is CVE-2022-46389?: Medium severity. CVSS v3 base score is 6.1 out of 10.