Lucene search
K

290 matches found

CVE
CVE
added 2025/03/06 4:29 p.m.85 views

CVE-2025-0337

CVE-2025-0337 describes an authorization bypass in the Now Platform (Washington release) where an authenticated user could access data they are not entitled to. The vulnerability is addressed via patches and a family release made available to hosted and self-hosted customers and partners. Connect...

7.1CVSS6.7AI score0.0036EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/03/06 4:29 p.m.9 views

CVE-2025-0337 Authorization bypass in Now Platform

ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploited, potentially could enable an authenticated user to access unauthorized data stored within the Now Platform that the user otherwise wou...

7.1CVSS6.7AI score0.0036EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/03/06 12:0 a.m.2 views

ServiceNow Now Platform 安全漏洞

ServiceNow Now Platform is a cloud-based platform from US-based ServiceNow that uses AI and machine learning to automate and optimize work across the enterprise. ServiceNow Now Platform has a security vulnerability that stems from an authorization bypass that could lead to unauthorized data acces...

7.1CVSS6.6AI score0.0036EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/03/06 12:0 a.m.4 views

PT-2025-9977 · Servicenow · Servicenow

Name of the Vulnerable Software and Affected Versions: ServiceNow versions prior to the fixed version in the Washington release of Now Platform Description: The issue is an authorization bypass vulnerability that could enable an authenticated user to access unauthorized data stored within the Now...

7.1CVSS5.9AI score0.0036EPSS
Exploits0References16
RedhatCVE
RedhatCVE
added 2025/02/06 1:54 a.m.9 views

CVE-2022-43684

ServiceNow has released patches and an upgrade that address an Access Control List ACL bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: Quebec prior to Patch 10 Hot Fix 8b Rome prior to Patch 10 Hot Fix 1 San...

9.9CVSS6.3AI score0.018EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/02/05 6:37 a.m.6 views

CVE-2024-5217

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...

9.8CVSS9.6AI score0.99628EPSS
Exploits4References1
RedhatCVE
RedhatCVE
added 2025/02/05 12:2 a.m.8 views

CVE-2024-4879

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...

9.8CVSS9.5AI score0.99976EPSS
Exploits8References1
Tenable Nessus
Tenable Nessus
added 2025/01/31 12:0 a.m.9 views

ServiceNow Platform Input Validation (CVE-2024-4879) (Direct Check)

Binary data servicenowcve-2024-4879.nbin...

9.8CVSS9.6AI score0.99976EPSS
Exploits8References2
Tenable Nessus
Tenable Nessus
added 2025/01/22 12:0 a.m.4 views

ServiceNow Platform Web Interface Detection

Binary data servicenowplatformwebdetect.nbin...

7.3AI score
Exploits0
NVD
NVD
added 2024/12/02 7:15 p.m.20 views

CVE-2024-5890

ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this...

5.1CVSS0.00297EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/12/02 6:24 p.m.26 views

CVE-2024-5890 HTML Injection in the Assessment plugin

ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this...

5.1CVSS0.00297EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/02 6:24 p.m.20 views

CVE-2024-5890 HTML Injection in the Assessment plugin

ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this...

5.1CVSS6.9AI score0.00297EPSS
Exploits0References1
CVE
CVE
added 2024/12/02 6:24 p.m.53 views

CVE-2024-5890

Technical details beyond the description are not provided in the connected documents. Monitor for updates from ServiceNow and vendors; apply patches when available.

5.1CVSS4.6AI score0.00297EPSS
Exploits0References1
NVD
NVD
added 2024/10/29 5:15 p.m.11 views

CVE-2024-8924

ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners...

8.7CVSS0.00509EPSS
Exploits0References1
NVD
NVD
added 2024/10/29 4:15 p.m.12 views

CVE-2024-8923

ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided th...

10CVSS0.01107EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/10/29 4:14 p.m.15 views

CVE-2024-8924 Unauthenticated Blind SQL Injection in Core Platform

ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners...

8.7CVSS7.9AI score0.00509EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/10/29 4:14 p.m.27 views

CVE-2024-8924 Unauthenticated Blind SQL Injection in Core Platform

ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners...

8.7CVSS0.00509EPSS
Exploits0References1
CVE
CVE
added 2024/10/29 4:14 p.m.62 views

CVE-2024-8924

CVE-2024-8924 concerns ServiceNow Now Platform with an unauthenticated blind SQL injection vulnerability. The issue affects the Now Platform and could enable an attacker to extract unauthorized information. ServiceNow has deployed updates to hosted instances and provided fixes to partners and sel...

8.7CVSS7.8AI score0.00509EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2024/10/29 4:7 p.m.55 views

CVE-2024-8923

CVE-2024-8923 affects ServiceNow Now Platform. The root cause is insufficient input validation in the platform, enabling an unauthenticated attacker to remotely execute code via a network vector. Impact is high (remote code execution, high confidentiality/integrity/availability risk). ServiceNow ...

10CVSS9.6AI score0.01107EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2024/10/29 4:7 p.m.11 views

CVE-2024-8923 Sandbox Escape in Now Platform

ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided th...

9.8CVSS7.3AI score0.01107EPSS
Exploits0References1
Rows per page
Query Builder