Vulnerabilities > CVE-2021-45901 - Information Exposure Through Discrepancy vulnerability in Servicenow Jakarta

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

servicenow

CWE-203

NVD

Published: 2022-02-10

Updated: 2022-02-22

Summary

The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.

Vulnerable Configurations

Part	Description	Count
Application	Servicenow Servicenow Servicenow Jakarta	7

Common Weakness Enumeration (CWE)

CWE-203 - Information Exposure Through Discrepancy

References

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/
http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html