CVE-2021-45901

MEDIUM

ServiceNow Orlando - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-45901. PoCs published by Victor Hanna, 9lyph.

AI-analyzed exploit summary This exploit performs username enumeration in ServiceNow by leveraging a vulnerability in the password reset functionality. It brute-forces a list of usernames and checks for valid users based on HTTP response codes.

Description

The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.

Exploits (2)

exploitdb WORKING POC

by Victor Hanna · pythonwebappsmultiple

https://www.exploit-db.com/exploits/50741

View Code ZIP pw:eip

This exploit performs username enumeration in ServiceNow by leveraging a vulnerability in the password reset functionality. It brute-forces a list of usernames and checks for valid users based on HTTP response codes.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: ServiceNow Orlando

No auth needed

Prerequisites: Valid JSESSIONID, X-UserToken, and CSRF Token · List of usernames in 'users.txt'

MITRE ATT&CK

T1589.001 - Credentials

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 1 stars

by 9lyph · poc

https://github.com/9lyph/CVE-2021-45901

View Code ZIP pw:eip

This repository contains a Python script for enumerating valid usernames in ServiceNow by exploiting a discrepancy in HTTP responses during password reset requests. The PoC automates the process by leveraging session tokens, CSRF tokens, and X-UserToken extracted from client-side code.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Moderate

Reliability

Reliable

Target: ServiceNow Orlando (glide-orlando-12-11-2019__patch5-06-17-2020)

No auth needed

Prerequisites: Valid JSESSIONID, CSRF token, and X-UserToken · Wordlist of potential usernames

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Vendor Advisory x_refsource_misc

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/

Exploit, Third Party Advisory x_refsource_misc

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/

Exploit, Third Party Advisory x_refsource_misc

http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html

Scores

CVSS v3 5.3

EPSS 0.1432

EPSS Percentile 96.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-203

Status published

Products (1)

servicenow/servicenow jakarta p1 (7 CPE variants)

Published Feb 10, 2022

Tracked Since Feb 18, 2026