290 matches found
CVE-2025-0337
CVE-2025-0337 describes an authorization bypass in the Now Platform (Washington release) where an authenticated user could access data they are not entitled to. The vulnerability is addressed via patches and a family release made available to hosted and self-hosted customers and partners. Connect...
CVE-2025-0337 Authorization bypass in Now Platform
ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access unauthorized data stored within the Now Platform that the user otherwise wou...
ServiceNow Now Platform 安全漏洞
ServiceNow Now Platform is a cloud-based platform from US-based ServiceNow that uses AI and machine learning to automate and optimize work across the enterprise. ServiceNow Now Platform has a security vulnerability that stems from an authorization bypass that could lead to unauthorized data acces...
PT-2025-9977 · Servicenow · Servicenow
Name of the Vulnerable Software and Affected Versions: ServiceNow versions prior to the fixed version in the Washington release of Now Platform Description: The issue is an authorization bypass vulnerability that could enable an authenticated user to access unauthorized data stored within the Now...
CVE-2022-43684
ServiceNow has released patches and an upgrade that address an Access Control List ACL bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: Quebec prior to Patch 10 Hot Fix 8b Rome prior to Patch 10 Hot Fix 1 San...
CVE-2024-5217
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...
CVE-2024-4879
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...
ServiceNow Platform Input Validation (CVE-2024-4879) (Direct Check)
Binary data servicenowcve-2024-4879.nbin...
ServiceNow Platform Web Interface Detection
Binary data servicenowplatformwebdetect.nbin...
CVE-2024-5890
ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this...
CVE-2024-5890 HTML Injection in the Assessment plugin
ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this...
CVE-2024-5890 HTML Injection in the Assessment plugin
ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this...
CVE-2024-5890
Technical details beyond the description are not provided in the connected documents. Monitor for updates from ServiceNow and vendors; apply patches when available.
CVE-2024-8924
ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners...
CVE-2024-8923
ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided th...
CVE-2024-8924 Unauthenticated Blind SQL Injection in Core Platform
ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners...
CVE-2024-8924 Unauthenticated Blind SQL Injection in Core Platform
ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners...
CVE-2024-8924
CVE-2024-8924 concerns ServiceNow Now Platform with an unauthenticated blind SQL injection vulnerability. The issue affects the Now Platform and could enable an attacker to extract unauthorized information. ServiceNow has deployed updates to hosted instances and provided fixes to partners and sel...
CVE-2024-8923
CVE-2024-8923 affects ServiceNow Now Platform. The root cause is insufficient input validation in the platform, enabling an unauthenticated attacker to remotely execute code via a network vector. Impact is high (remote code execution, high confidentiality/integrity/availability risk). ServiceNow ...
CVE-2024-8923 Sandbox Escape in Now Platform
ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided th...