290 matches found
Smarter ITSM Automation with ServiceNow Integration
Effective Information Technology and Service Management ITSM today requires intelligent automation, proactive security, and seamless integration between platforms. To keep security operations efficient, vulnerability management workflows need to be streamlined and connected with broader IT...
ServiceNow Flaw CVE-2025-3648 Could Lead to Data Exposure via Misconfigured ACLs
A high-severity security flaw has been disclosed in ServiceNow's platform that, if successfully exploited, could result in data exposure and exfiltration. The vulnerability, tracked as CVE-2025-3648 CVSS score: 8.2, has been described as a case of data inference in Now Platform through conditiona...
CVE-2025-3648 Data Inference in Now Platform via Conditional ACLs
A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access control list ACL configurations, this vulnerability could enable unauthenticated and authenticated users to use range query requests to infer...
ServiceNow Now Platform 安全漏洞
ServiceNow Now Platform is a cloud-based platform from US-based ServiceNow that uses AI and machine learning to automate and optimize work across the enterprise. ServiceNow Now Platform has a security vulnerability that stems from a misconfiguration of access control lists that could lead to...
nautobot-chatops (>=1.6.0 <=1.7.1), nautobot-chatops-arista-cloudvision (>=1.0.1 <=1.3.0) +7 more potentially affected by CVE-2025-49142 via nautobot (>=1.0.3 <=1.5.16)
nautobot PYPI version =1.0.3, =1.6.0, =1.0.1, =1.1.0, =0.9.2, =1.5.0, =0.9.0, =0.1.0, =0.1.0, =0.2.0 Source cves: CVE-2025-49142 Source advisory: OSV:GHSA-WJW6-95H5-4JPX...
CVE-2024-5890
ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this...
CVE-2023-1209
Cross-Site Scripting XSS vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts...
CVE-2022-42704
A cross-site scripting XSS vulnerability in Employee Service Center esc and Service Portal sp in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget...
CVE-2022-46886
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain...
CVE-2022-39048
A XSS vulnerability was identified in the ServiceNow UI page assessmentredirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks,...
CVE-2016-1600
The ServiceNow driver in NetIQ Identity Manager versions prior to 4.6 are susceptible to an information disclosure vulnerability...
ServiceNow SAML Single Sign-On Bypass
ServiceNow enables a page named sidedoor.do by default to allow users bypassing the Single Sign On SSO feature in case of issues to still access their ServiceNow instance. No source data...
ServiceNow Public Knowledge Base Detected
ServiceNow offers a knowledge management module to help organizations sharing internal or public information to help in their service usages. This informational plugin detects the presence of public knowledge bases on the target ServiceNow instance. No source data...
New Attacks Exploit Year-Old ServiceNow Flaws – Israel Hit Hardest
Article updated with a statement from ServiceNow...
Malicious code in spark-botkit-servicenow (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db9e7b07208198145174b016dd7c98f443f46d0605e07e3f8a84f24f58efd4ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2417 Malicious code in spark-botkit-servicenow (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware db9e7b07208198145174b016dd7c98f443f46d0605e07e3f8a84f24f58efd4ce Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
ServiceNow Platform Authorization Bypass (CVE-2025-0337)
ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access data stored within the Now Platform that the user otherwise would not be...
Qualys & ServiceNow: Automating Risk-Driven Remediation for Container Security
Introducing the Qualys & ServiceNow Integration Qualys and ServiceNow are redefining container vulnerability management with an integrated approach that streamlines remediation for highly ephemeral containerized workloads. Organizations can now seamlessly detect, prioritize, and remediate...
CVE-2025-0337
ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access unauthorized data stored within the Now Platform that the user otherwise wou...
CVE-2025-0337 Authorization bypass in Now Platform
ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access unauthorized data stored within the Now Platform that the user otherwise wou...