目標達成 すべての支援者に感謝 — 100%達成しました!

目標: 1000 CNY · 調達済み: 1000 CNY

100.0%
コーヒーを一杯おごる

ServiceNow 厂商漏洞列表 / CVE 中文分析 21

ServiceNow 厂商相关 21 条 CVE 漏洞,含 AI 中文分析、POC、CVSS 评分与受影响产品。

ServiceNow 主要提供云端工作流自动化与 IT 服务管理解决方案。其平台历史上常暴露远程代码执行、跨站脚本及越权访问等高危漏洞,部分源于配置错误或组件缺陷。鉴于其处理大量企业敏感数据,安全态势至关重要。截至最新统计已收录 21 条 CVE,攻击者可能利用这些缺陷窃取数据或破坏业务连续性,建议用户及时修补并强化访问控制以应对潜在风险。

上位製品 ServiceNow: Now Platform ServiceNow AI Platform Jenkins plug-in for ServiceNow DevOps ServiceNow ServiceNow Records Now User Experience Now Assist AI Agents
CVE IDタイトルCVSS深刻度公開日
CVE-2026-0542 Remote Code Execution in ServiceNow AI Platform — ServiceNow AI PlatformCWE-653 9.8AICriticalAI2026-02-25
CVE-2025-12420 Unauthenticated Privilege Escalation in ServiceNow AI Platform — Now Assist AI AgentsCWE-250 9.8AICriticalAI2026-01-12
CVE-2025-11449 Reflected Cross Site Scripting in ServiceNow AI Platform — ServiceNow AI PlatformCWE-79 6.1AIMediumAI2025-10-10
CVE-2025-11450 Reflected Cross Site Scripting in ServiceNow AI Platform — ServiceNow AI PlatformCWE-79 6.1AIMediumAI2025-10-10
CVE-2025-3089 Broken Access Control in ServiceNow AI Platform — ServiceNow AI PlatformCWE-639 6.5AIMediumAI2025-08-12
CVE-2025-3648 Data Inference in Now Platform via Conditional ACLs — Now PlatformCWE-1220 5.3AIMediumAI2025-07-08
CVE-2025-0337 Authorization bypass in Now Platform — Now PlatformCWE-639 6.5 Medium2025-03-06
CVE-2024-5890 HTML Injection in the Assessment plugin — Now PlatformCWE-79 4.3 Medium2024-12-02
CVE-2024-8924 Unauthenticated Blind SQL Injection in Core Platform — Now PlatformCWE-89 7.5 High2024-10-29
CVE-2024-8923 Sandbox Escape in Now Platform — Now PlatformCWE-94 9.8 Critical2024-10-29
CVE-2024-5217 Incomplete Input Validation in GlideExpression Script — Now PlatformCWE-184 9.8 Critical2024-07-10
CVE-2024-5178 Incomplete Input Validation in SecurelyAccess API — Now PlatformCWE-184 4.9 Medium2024-07-10
CVE-2024-4879 Jelly Template Injection Vulnerability in ServiceNow UI Macros — Now PlatformCWE-1287 9.8 Critical2024-07-10
CVE-2023-3442 Missing Authorization in Jenkins plug-in for ServiceNow DevOps — Jenkins plug-in for ServiceNow DevOpsCWE-862 7.7 High2023-07-26
CVE-2023-3414 Cross-Site Request Forgery (CSRF) in Jenkins Plug-in for ServiceNow DevOps — Jenkins plug-in for ServiceNow DevOpsCWE-352 6.1 Medium2023-07-26
CVE-2023-1298 ServiceNow 跨站脚本漏洞 — Now User ExperienceCWE-79 4.3 Medium2023-07-06
CVE-2022-43684 ACL bypass in Reporting functionality — Now PlatformCWE-200 9.9 Critical2023-06-13
CVE-2023-1209 ServiceNow 跨站脚本漏洞 — ServiceNow RecordsCWE-79 4.3 Medium2023-05-23
CVE-2022-46389 Cross-Site Scripting (XSS) vulnerability found on logout functionality — Now PlatformCWE-79 6.1 Medium2023-04-17
CVE-2022-46886 ServiceNow 输入验证错误漏洞 — ServiceNow 5.5 Medium2023-04-14
CVE-2022-39048 Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect — Now Platform 6.1 Medium2023-04-10

本页汇总了 ServiceNow 厂商截至目前公开的全部 21 条 CVE 漏洞。每条漏洞均包含 CVSS 评分、CWE 弱点分类、受影响产品与参考链接,并附带 AI 生成的中文分析以便快速判断风险。