Lucene search

MitreCVE-2019-20768

HistoryMay 05, 2020 - 10:15 p.m.

CVE-2019-20768

2020-05-0522:15:12

CWE-79

mitre

web.nvd.nist.gov

servicenow

itsm

xss

incident request

nvd

cve-2019-20768

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS via crafted sysparm_item_guid and sys_id parameters in an Incident Request to service_catalog.do.

Affected configurations

Nvd

Node

servicenowit_service_managementMatchkingston-

servicenowit_service_managementMatchkingstonpatch_1

servicenowit_service_managementMatchkingstonpatch_10

servicenowit_service_managementMatchkingstonpatch_10-1

servicenowit_service_managementMatchkingstonpatch_10-2

servicenowit_service_managementMatchkingstonpatch_11

servicenowit_service_managementMatchkingstonpatch_12

servicenowit_service_managementMatchkingstonpatch_12-1

servicenowit_service_managementMatchkingstonpatch_12-2

servicenowit_service_managementMatchkingstonpatch_13

servicenowit_service_managementMatchkingstonpatch_14

servicenowit_service_managementMatchkingstonpatch_14-1

servicenowit_service_managementMatchkingstonpatch_2

servicenowit_service_managementMatchkingstonpatch_3

servicenowit_service_managementMatchkingstonpatch_3-1

servicenowit_service_managementMatchkingstonpatch_3-2

servicenowit_service_managementMatchkingstonpatch_3a-1

servicenowit_service_managementMatchkingstonpatch_4

servicenowit_service_managementMatchkingstonpatch_4-1

servicenowit_service_managementMatchkingstonpatch_4-2

servicenowit_service_managementMatchkingstonpatch_4-4

servicenowit_service_managementMatchkingstonpatch_5

servicenowit_service_managementMatchkingstonpatch_6

servicenowit_service_managementMatchkingstonpatch_6-1

servicenowit_service_managementMatchkingstonpatch_6-2

servicenowit_service_managementMatchkingstonpatch_6-3

servicenowit_service_managementMatchkingstonpatch_6-5

servicenowit_service_managementMatchkingstonpatch_7

servicenowit_service_managementMatchkingstonpatch_7-1

servicenowit_service_managementMatchkingstonpatch_8

servicenowit_service_managementMatchkingstonpatch_8-1

servicenowit_service_managementMatchkingstonpatch_9

servicenowit_service_managementMatchlondon-

servicenowit_service_managementMatchlondonpatch_1

servicenowit_service_managementMatchlondonpatch_1-2

servicenowit_service_managementMatchlondonpatch_1-3

servicenowit_service_managementMatchlondonpatch_2

servicenowit_service_managementMatchlondonpatch_2-2

servicenowit_service_managementMatchlondonpatch_2-4

servicenowit_service_managementMatchlondonpatch_2-5

servicenowit_service_managementMatchlondonpatch_3

servicenowit_service_managementMatchlondonpatch_3-3

servicenowit_service_managementMatchlondonpatch_3-4

servicenowit_service_managementMatchlondonpatch_4

servicenowit_service_managementMatchlondonpatch_4-1

servicenowit_service_managementMatchlondonpatch_4-2

servicenowit_service_managementMatchlondonpatch_4-3

servicenowit_service_managementMatchlondonpatch_4-4

servicenowit_service_managementMatchlondonpatch_4-5

servicenowit_service_managementMatchlondonpatch_4-6

servicenowit_service_managementMatchlondonpatch_5

servicenowit_service_managementMatchlondonpatch_5-1

servicenowit_service_managementMatchlondonpatch_6

servicenowit_service_managementMatchlondonpatch_6-1

servicenowit_service_managementMatchlondonpatch_6a-1

servicenowit_service_managementMatchlondonpatch_6b-1

servicenowit_service_managementMatchlondonpatch_7

servicenowit_service_managementMatchmadrid-

servicenowit_service_managementMatchmadridpatch_0-1

servicenowit_service_managementMatchmadridpatch_1

servicenowit_service_managementMatchmadridpatch_1-1

servicenowit_service_managementMatchmadridpatch_1-2

servicenowit_service_managementMatchmadridpatch_2

servicenowit_service_managementMatchmadridpatch_3

servicenowit_service_managementMatchmadridpatch_3-1

servicenowit_service_managementMatchmadridpatch_3-2

VendorProductVersionCPE
servicenowit_service_managementkingstoncpe:2.3:a:servicenow:it_service_management:kingston:-:*:*:*:*:*:*
servicenowit_service_managementkingstoncpe:2.3:a:servicenow:it_service_management:kingston:patch_1:*:*:*:*:*:*
servicenowit_service_managementkingstoncpe:2.3:a:servicenow:it_service_management:kingston:patch_10:*:*:*:*:*:*
servicenowit_service_managementkingstoncpe:2.3:a:servicenow:it_service_management:kingston:patch_10-1:*:*:*:*:*:*
servicenowit_service_managementkingstoncpe:2.3:a:servicenow:it_service_management:kingston:patch_10-2:*:*:*:*:*:*
servicenowit_service_managementkingstoncpe:2.3:a:servicenow:it_service_management:kingston:patch_11:*:*:*:*:*:*
servicenowit_service_managementkingstoncpe:2.3:a:servicenow:it_service_management:kingston:patch_12:*:*:*:*:*:*
servicenowit_service_managementkingstoncpe:2.3:a:servicenow:it_service_management:kingston:patch_12-1:*:*:*:*:*:*
servicenowit_service_managementkingstoncpe:2.3:a:servicenow:it_service_management:kingston:patch_12-2:*:*:*:*:*:*
servicenowit_service_managementkingstoncpe:2.3:a:servicenow:it_service_management:kingston:patch_13:*:*:*:*:*:*

Vendor	Product	Version	CPE
servicenow	it_service_management	kingston	cpe:2.3:a:servicenow:it_service_management:kingston:-::::::
servicenow	it_service_management	kingston	cpe:2.3:a:servicenow:it_service_management:kingston:patch_1::::::
servicenow	it_service_management	kingston	cpe:2.3:a:servicenow:it_service_management:kingston:patch_10::::::
servicenow	it_service_management	kingston	cpe:2.3:a:servicenow:it_service_management:kingston:patch_10-1::::::
servicenow	it_service_management	kingston	cpe:2.3:a:servicenow:it_service_management:kingston:patch_10-2::::::
servicenow	it_service_management	kingston	cpe:2.3:a:servicenow:it_service_management:kingston:patch_11::::::
servicenow	it_service_management	kingston	cpe:2.3:a:servicenow:it_service_management:kingston:patch_12::::::
servicenow	it_service_management	kingston	cpe:2.3:a:servicenow:it_service_management:kingston:patch_12-1::::::
servicenow	it_service_management	kingston	cpe:2.3:a:servicenow:it_service_management:kingston:patch_12-2::::::
servicenow	it_service_management	kingston	cpe:2.3:a:servicenow:it_service_management:kingston:patch_13::::::

Rows per page:

1-10 of 661

References

outpost24.com/blog/Responsible-disclosure-Multiple-stored-XSS-vulnerabilities-discovered-in-ServiceNow-ITSM

outpost24.com/blog?tags=307

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSS3

5.4

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

21.4%

JSON

Related for CVE-2019-20768