Vulnerabilities > CVE-2021-45901 - Information Exposure Through Discrepancy vulnerability in Servicenow Jakarta

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
servicenow
CWE-203

Summary

The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.

Vulnerable Configurations

Part Description Count
Application
Servicenow
7

Common Weakness Enumeration (CWE)