Lucene search
K

290 matches found

Qualys Blog
Qualys Blog
added 2025/07/21 3:0 p.m.18 views

Smarter ITSM Automation with ServiceNow Integration

Effective Information Technology and Service Management ITSM today requires intelligent automation, proactive security, and seamless integration between platforms. To keep security operations efficient, vulnerability management workflows need to be streamlined and connected with broader IT...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2025/07/10 7:24 a.m.14 views

ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs

A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 CVSS score: 8.2, has been described as a case of data inference in Now Platform through conditiona...

8.2CVSS6.9AI score0.01905EPSS
Exploits0
Cvelist
Cvelist
added 2025/07/08 4:7 p.m.13 views

CVE-2025-3648 Data Inference in Now Platform via Conditional ACLs

A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list ACL configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer...

8.2CVSS0.01664EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/07/08 12:0 a.m.4 views

ServiceNow Now Platform 安全漏洞

ServiceNow Now Platform is a cloud-based platform from US-based ServiceNow that uses AI and machine learning to automate and optimize work across the enterprise. ServiceNow Now Platform has a security vulnerability that stems from a misconfiguration of access control lists that could lead to...

8.2CVSS6.8AI score0.01664EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2025/06/10 8:17 p.m.5 views

nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49142 via nautobot (>=1.0.3 <=1.5.16)

nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49142 Source advisory: OSV:GHSA-WJW6-95H5-4JPX...

7.1CVSS5.8AI score0.00303EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 8:28 a.m.7 views

CVE-2024-5890

ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this...

5.1CVSS6.9AI score0.00297EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:33 a.m.4 views

CVE-2023-1209

Cross-Site Scripting XSS vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts...

5.4CVSS6AI score0.00376EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:10 a.m.8 views

CVE-2022-42704

A cross-site scripting XSS vulnerability in Employee Service Center esc and Service Portal sp in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget...

5.4CVSS5.8AI score0.00439EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 12:21 a.m.7 views

CVE-2022-46886

There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain...

6.1CVSS6.9AI score0.00299EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:9 p.m.8 views

CVE-2022-39048

A XSS vulnerability was identified in the ServiceNow UI page assessmentredirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...

6.1CVSS5.8AI score0.01089EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 1:11 a.m.7 views

CVE-2016-1600

The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability...

7.5CVSS6.5AI score0.0113EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/24 12:0 a.m.11 views

ServiceNow SAML Single Sign-On Bypass

ServiceNow enables a page named sidedoor.do by default to allow users bypassing the Single Sign On SSO feature in case of issues to still access their ServiceNow instance. No source data...

7.2AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/03/24 12:0 a.m.6 views

ServiceNow Public Knowledge Base Detected

ServiceNow offers a knowledge management module to help organizations sharing internal or public information to help in their service usages. This informational plugin detects the presence of public knowledge bases on the target ServiceNow instance. No source data...

7AI score
Exploits0References1
HackRead
HackRead
added 2025/03/21 12:19 p.m.10 views

New Attacks Exploit Year-Old ServiceNow Flaws – Israel Hit Hardest

Article updated with a statement from ServiceNow...

9.6AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/03/14 2:8 a.m.3 views

Malicious code in spark-botkit-servicenow (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db9e7b07208198145174b016dd7c98f443f46d0605e07e3f8a84f24f58efd4ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

6.9AI score
Exploits0References3
OSV
OSV
added 2025/03/14 2:8 a.m.7 views

MAL-2025-2417 Malicious code in spark-botkit-servicenow (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db9e7b07208198145174b016dd7c98f443f46d0605e07e3f8a84f24f58efd4ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2025/03/14 12:0 a.m.38 views

ServiceNow Platform Authorization Bypass (CVE-2025-0337)

ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access data stored within the Now Platform that the user otherwise would not be...

7.1CVSS5.5AI score0.0036EPSS
Exploits0References2
Qualys Blog
Qualys Blog
added 2025/03/10 3:0 p.m.9 views

Qualys & ServiceNow: Automating Risk-Driven Remediation for Container Security

Introducing the Qualys & ServiceNow Integration Qualys and ServiceNow are redefining container vulnerability management with an integrated approach that streamlines remediation for highly ephemeral containerized workloads. Organizations can now seamlessly detect, prioritize, and remediate...

7.6AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/03/08 4:33 p.m.21 views

CVE-2025-0337

ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access unauthorized data stored within the Now Platform that the user otherwise wou...

7.1CVSS6.5AI score0.0036EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/03/06 4:29 p.m.58 views

CVE-2025-0337 Authorization bypass in Now Platform

ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access unauthorized data stored within the Now Platform that the user otherwise wou...

7.1CVSS0.0036EPSS
Exploits0References1
Rows per page
Query Builder