
CVE-2019-20768 : Security Advisory and Response

Learn about CVE-2019-20768 affecting ServiceNow IT Service Management versions Kingston, London, and Madrid. Discover the impact, affected systems, exploitation method, and mitigation steps.

ServiceNow IT Service Management versions Kingston up to Patch 14-1, London up to Patch 7, and Madrid up to Patch 4 are susceptible to a stored cross-site scripting (XSS) vulnerability. This vulnerability allows for XSS attacks by manipulating specific parameters in an Incident Request.

Understanding CVE-2019-20768

The affected ServiceNow IT Service Management releases are vulnerable to stored XSS attacks, which can lead to compromise of users' sessions and data.

What is CVE-2019-20768?

CVE-2019-20768 is a vulnerability in ServiceNow IT Service Management versions Kingston, London, and Madrid that allows attackers to execute stored cross-site scripting attacks through manipulation of certain parameters.

The Impact of CVE-2019-20768

An attacker could use this vulnerability to store a script that runs in the browser of any user who views the affected Incident Request page, leading to unauthorized access, data theft, and other security risks.

Technical Details of CVE-2019-20768

ServiceNow IT Service Management versions Kingston, London, and Madrid are affected by a stored XSS vulnerability.

Vulnerability Description

The vulnerability arises from improper handling of parameters in Incident Requests, specifically sysparm_item_guid and sys_id, allowing attackers to inject malicious scripts.

Affected Systems and Versions

        ServiceNow IT Service Management Kingston up to Patch 14-1
        ServiceNow IT Service Management London up to Patch 7
        ServiceNow IT Service Management Madrid up to Patch 4

Exploitation Mechanism

Attackers can exploit this vulnerability by manipulating the sysparm_item_guid and sys_id parameters in an Incident Request made to service_catalog.do.

Mitigation and Prevention

Taking immediate action and implementing long-term security practices are crucial to mitigate the risks associated with CVE-2019-20768.

Immediate Steps to Take

        Apply patches provided by ServiceNow to fix the vulnerability.
        Monitor and restrict user input to prevent malicious script injections.
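As an added example (not part of the original advisory or a ServiceNow tool), the following script shows one way to act on the monitoring step above: it scans web access logs for requests to service_catalog.do whose sysparm_item_guid or sys_id parameters (the ones named under Exploitation Mechanism) contain markup or do not look like a GUID. It assumes a 32-character hexadecimal sys_id format and uses constructed log lines.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Parameters named in the advisory for service_catalog.do (CVE-2019-20768).
WATCHED_PARAMS = ("sysparm_item_guid", "sys_id")
# Assumption: a well-formed ServiceNow sys_id is a 32-character hex string.
SYS_ID_RE = re.compile(r"^[0-9a-fA-F]{32}$")
# Markup/script indicators that have no place in a GUID-typed parameter.
MARKUP_RE = re.compile(r"[<>\"']|javascript:|on\w+\s*=", re.IGNORECASE)
# Minimal access-log parser: pulls the request target (path + query).
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def inspect_request(target: str) -> list[str]:
    """Return anomaly descriptions for one request target (path + query)."""
    parts = urlsplit(target)
    if not parts.path.endswith("/service_catalog.do"):
        return []
    findings = []
    params = parse_qs(parts.query, keep_blank_values=True)
    for name in WATCHED_PARAMS:
        for value in params.get(name, []):
            decoded = unquote(value)  # second decode catches double-encoding
            if MARKUP_RE.search(decoded):
                findings.append(f"{name}: markup/script characters")
            elif not SYS_ID_RE.match(decoded):
                findings.append(f"{name}: not a 32-hex sys_id")
    return findings

def scan_log(lines) -> list[tuple[int, list[str]]]:
    """Return (line_number, findings) for every suspicious request."""
    hits = []
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if m:
            found = inspect_request(m.group("target"))
            if found:
                hits.append((n, found))
    return hits

# Constructed sample lines (not taken from any real system).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2020:10:00:00 +0000] "GET /service_catalog.do?sysparm_item_guid=0123456789abcdef0123456789abcdef HTTP/1.1" 200 512',
    '10.0.0.6 - - [01/Jan/2020:10:00:01 +0000] "GET /service_catalog.do?sys_id=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512',
    '10.0.0.7 - - [01/Jan/2020:10:00:02 +0000] "GET /service_catalog.do?sys_id=%253Cimg%2520src%253Dx%2520onerror%253Dx%253E HTTP/1.1" 200 512',
    '10.0.0.8 - - [01/Jan/2020:10:00:03 +0000] "GET /incident.do?sys_id=%3Cb%3E HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for n, found in scan_log(SAMPLE_LOG):
        print(f"line {n}: {'; '.join(found)}")
```

The third sample line is double URL-encoded, which is why the value is decoded a second time before matching; the fourth line targets a different endpoint and is intentionally ignored.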

Long-Term Security Practices

        Regularly update and patch ServiceNow IT Service Management to address security vulnerabilities.
        Educate users on safe browsing practices and the risks of clicking on suspicious links.
        Implement a web application firewall and request filtering to detect and block XSS attempts.
        Conduct regular security audits and penetration testing to identify and address vulnerabilities.
        Stay informed about the latest security threats and best practices.

Patching and Updates

ServiceNow releases patches to address vulnerabilities like CVE-2019-20768. It is essential to promptly apply these patches to secure the IT Service Management system.
