ServiceNow Account Takeover to Full Admin Compromise

Posted by Luke Symons on Jul 07

1. INFORMATION

--------------

[+] CVE : CVE-2022-43684

[+] Title : Insecure Access Control To Full Admin Compromise

[+] Vendor : ServiceNow

[+] Publication date : June 2023

[+] Credits : Luke Symons, Tony Wu, Eldar Marcussen, Gareth
Phillips, Jeff Thomas, Nadeem Salim, and Stephen Bradshaw.

2. AFFECTED VERSIONS

--------------------

* Quebec prior to Patch 10 Hot Fix 8b

* Rome prior to Patch 10 Hot...