ServiceNow Vulnerability List
Found 11 vulnerabilities related to ServiceNow
CVE-2022-38463: ServiceNow - Cross-Site Scripting POC
ServiceNow through San Diego Patch 4b and Patch 6 contains a cross-site scripting vulnerability in the logout functionality, which can enable an unauthenticated remote attacker to execute arbitrary JavaScript.
CVE-2022-39048: ServiceNow - Cross-site Scripting POC
An XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.
CVE-2024-4879: ServiceNow UI Macros - Template Injection POC
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
CVE-2024-5217: ServiceNow - Incomplete Input Validation POC
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
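ServiceNow Now Platform Unauthenticated Code Injection Vulnerability No POC
ServiceNow CVE-2024-4879 Jelly Template Injection Vulnerability No POC
ServiceNow is a company that provides enterprise-grade cloud computing services; its product is a cloud-based service management solution. ServiceNow has a Jelly template injection vulnerability, caused by the program's insufficient validation of the user-supplied jvar_page_title data.
ServiceNow UI /login.do Jelly Template Injection Vulnerability (CVE-2024-4879) No POC
ServiceNow is a business transformation platform. Through the platform's various modules, ServiceNow can be used for purposes ranging from human resources and employee management to workflow automation or serving as a knowledge base. ServiceNow's Jelly templates and Glide expressions have injection vulnerabilities because input validation is not strict enough. These vulnerabilities can be exploited by unauthenticated attackers through crafted malicious requests to obtain sensitive files in ServiceNow, or even to execute code remotely.
ServiceNow UI Jelly Template Injection Vulnerability (CVE-2024-4879) No POC
ServiceNow is a cloud-based service management platform used mainly for IT service management, business management, and operations management. ServiceNow's Jelly templates have an injection vulnerability because input validation is not strict enough. These vulnerabilities can be exploited by unauthenticated attackers through crafted malicious requests to execute code remotely in ServiceNow.
ServiceNow Jelly Remote Code Execution Vulnerability No POC
ServiceNow is a cloud computing platform from the US company ServiceNow that helps companies manage digital workflows for enterprise operations. ServiceNow has a security vulnerability. An attacker can exploit it to execute code remotely in the Now Platform environment.
ServiceNow jvar_page_title Remote Code Execution Vulnerability No POC
ServiceNow is a cloud computing platform from the US company ServiceNow that helps companies manage digital workflows for enterprise operations. ServiceNow has a security vulnerability. An attacker can exploit it to execute code remotely in the Now Platform environment.
ServiceNow logout_redirect.do Cross-Site Scripting Vulnerability (CVE-2022-38463) No POC
A reflected XSS exists in ServiceNow's logout functionality. This allows an unauthenticated remote attacker to execute arbitrary JavaScript.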