Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Unauthenticated Blind SQL Injection in Core Platform
Vulnerability Description
ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
ServiceNow Now Platform 安全漏洞
Vulnerability Description
ServiceNow Now Platform是美国ServiceNow公司的一个基于云的平台,使用 AI 和机器学习来自动化和优化整个企业的工作。 ServiceNow Now Platform存在安全漏洞,该漏洞源于盲SQL注入,这可能使未认证用户提取未经授权的信息。
CVSS Information
N/A
Vulnerability Type
N/A