Skip to main content

Servicenow

9 CVEs product

Monthly

CVE-2024-8924 HIGH This Week

ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Servicenow
NVD
CVSS 4.0
8.7
EPSS
0.5%
CVE-2024-8923 CRITICAL Act Now

ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Servicenow
NVD
CVSS 4.0
9.3
EPSS
1.1%
CVE-2024-5217 CRITICAL POC KEV THREAT Act Now

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Servicenow
NVD
CVSS 4.0
9.2
EPSS
99.6%
CVE-2024-4879 CRITICAL POC KEV THREAT Act Now

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Servicenow
NVD Exploit-DB
CVSS 4.0
9.3
EPSS
100.0%
CVE-2023-1298 MEDIUM This Month

ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Servicenow
NVD
CVSS 3.1
6.1
EPSS
0.4%
CVE-2023-1209 MEDIUM This Month

Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Servicenow
NVD
CVSS 3.1
5.4
EPSS
0.4%
CVE-2022-38463 MEDIUM POC This Month

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Servicenow
NVD
CVSS 3.1
6.1
EPSS
2.3%
CVE-2022-38172 MEDIUM This Month

ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Servicenow
NVD
CVSS 3.1
6.1
EPSS
0.5%
CVE-2018-7748 HIGH POC This Week

{xyz}' Glide Scripting Injection in the sysparm_media parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Servicenow
NVD
CVSS 3.0
8.8
EPSS
2.6%
EPSS 1% CVSS 8.7
HIGH This Week

ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. Rated high severity (CVSS 8.7), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

SQLi Servicenow
NVD
EPSS 1% CVSS 9.3
CRITICAL Act Now

ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Code Injection RCE Servicenow
NVD
EPSS 100% CVSS 9.2
CRITICAL POC KEV THREAT Act Now

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. Rated critical severity (CVSS 9.2), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Servicenow
NVD
EPSS 100% CVSS 9.3
CRITICAL POC KEV THREAT Act Now

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Servicenow
NVD Exploit-DB
EPSS 0% CVSS 6.1
MEDIUM This Month

ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Servicenow
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Servicenow
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Servicenow
NVD
EPSS 0% CVSS 6.1
MEDIUM This Month

ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Servicenow
NVD
EPSS 3% CVSS 8.8
HIGH POC This Week

{xyz}' Glide Scripting Injection in the sysparm_media parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Code Injection RCE Servicenow
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy