Logging out of one customer profile is reflected in every other customer profile. This can lead to a situation where a malicious customer could potentially view their data by logging out of one customer profile and viewing it from another. In San Diego Patch 4b through San Diego Patch 6, we have added an X-Frame-Options header to customer profiles that allows the blocking of XSS in the logout functionality.

SFDB and the SQL injection vulnerability

The SQL injection vulnerability was found in the San Diego Patch 4b release of our software. This vulnerability could allow malicious users to gain access to customer data. With the addition of the X-Frame-Options (XFO) header, this issue should be resolved.

Logout CSRF Protection

A Cross-Site Request Forgery (CSRF) vulnerability exists when a website makes it possible for users to submit requests to other pages on the same website without requiring any kind of authentication. When this vulnerability is exploited, it can lead to fraudulent actions such as stealing personal information, changing account settings, making purchases, etc. A malicious customer can exploit this vulnerability by logging into one customer profile and then submitting a request from that page to another page on the same website.
With the release of San Diego Patch 4b through San Diego Patch 6, we have added an X-Frame-Options header to customer profiles that allows the blocking of XSS in the logout functionality. This will prevent CSRF in the logout functionality and keep customers safe from malicious attacks with less effort than before.
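As an added illustration (not code from the patches or from the product itself), a minimal logout handler in Python that does, from the defender's side, what this section describes: it accepts only a POST carrying the caller's own CSRF token, ends only the caller's session rather than affecting other customer profiles, and sets the X-Frame-Options header the patches add. The in-memory session store, the handler signature and the cookie name are assumptions made for the example.

```python
import hmac
import secrets
from http import HTTPStatus

# Constructed in-memory session store for the example only; a real deployment
# keeps sessions in its own server-side store.
SESSIONS = {}


def create_session(user):
    """Create a session for `user` with a fresh, unguessable per-session CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def security_headers():
    """Headers every logout response carries: deny framing and forbid caching."""
    return {"X-Frame-Options": "DENY", "Cache-Control": "no-store"}


def handle_logout(method, cookies, form):
    """Logout endpoint. Returns (status, headers, body).

    `cookies` and `form` are plain dicts standing in for the parsed request.
    Only a POST with a CSRF token matching the caller's session is honoured,
    and only that caller's session is removed.
    """
    headers = security_headers()
    if method != "POST":
        # A bare GET (e.g. a link or image tag on another site) cannot log anyone out.
        return HTTPStatus.METHOD_NOT_ALLOWED, headers, "logout requires POST"
    sid = cookies.get("session")
    session = SESSIONS.get(sid)
    if session is None:
        return HTTPStatus.UNAUTHORIZED, headers, "no active session"
    token = form.get("csrf_token", "")
    # Constant-time comparison so token checking does not leak timing information.
    if not hmac.compare_digest(token, session["csrf"]):
        return HTTPStatus.FORBIDDEN, headers, "invalid CSRF token"
    del SESSIONS[sid]  # ends this caller's session and no other
    headers["Set-Cookie"] = "session=; Max-Age=0; HttpOnly; Secure; SameSite=Lax"
    return HTTPStatus.OK, headers, "logged out"
```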

Logout Failure XSS

The vulnerability that we found and fixed in the logout functionality is a serious XSS vulnerability. It allows an attacker to use any customer's account, regardless of whether the customer is logged in or not, to view the content of that customer's profile. This could create a situation where a malicious customer accesses the data of other customers. To fix this security issue, we have added an X-Frame-Options header to customer profiles that prevents the attack by blocking cross-site scripting (XSS) within the logout functionality.

San Diego Patch 4b through San Diego Patch 6

San Diego Patch 4b through San Diego Patch 6 add an X-Frame-Options header to customer profiles that allows the blocking of XSS in the logout functionality. The underlying issue was triggered by logging out of one customer profile and viewing it from another.

Timeline

Published on: 08/23/2022 19:15:00 UTC
Last modified on: 08/26/2022 19:18:00 UTC