ServiceNow — Vulnerabilities & Security Advisories (21)

Browse all 21 CVE security advisories affecting ServiceNow. AI-powered Chinese analysis, POCs, and references for each vulnerability.

ServiceNow operates as a cloud-based platform primarily used for IT service management, automating workflows for incident, change, and problem management across enterprise environments. Its architecture, which integrates numerous modules and third-party integrations, has historically exposed it to diverse vulnerability classes. Recorded Common Vulnerabilities and Exposures (CVEs) frequently involve remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from complex input validation failures or insecure direct object references within its web interface. While the platform employs robust encryption and access controls, its expansive attack surface presents significant risks if misconfigured. Notable security incidents have included data exfiltration attempts and unauthorized access due to weak authentication mechanisms, highlighting the critical importance of rigorous patch management and strict identity governance to mitigate potential exploitation of these systemic weaknesses.

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2026-0542 | Remote Code Execution in ServiceNow AI Platform | ServiceNow AI Platform | CWE-653 | 9.8 (AI) | Critical (AI) | 2026-02-25 |
| CVE-2025-12420 | Unauthenticated Privilege Escalation in ServiceNow AI Platform | Now Assist AI Agents | CWE-250 | 9.8 (AI) | Critical (AI) | 2026-01-12 |
| CVE-2025-11449 | Reflected Cross Site Scripting in ServiceNow AI Platform | ServiceNow AI Platform | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-10 |
| CVE-2025-11450 | Reflected Cross Site Scripting in ServiceNow AI Platform | ServiceNow AI Platform | CWE-79 | 6.1 (AI) | Medium (AI) | 2025-10-10 |
| CVE-2025-3089 | Broken Access Control in ServiceNow AI Platform | ServiceNow AI Platform | CWE-639 | 6.5 (AI) | Medium (AI) | 2025-08-12 |
| CVE-2025-3648 | Data Inference in Now Platform via Conditional ACLs | Now Platform | CWE-1220 | 5.3 (AI) | Medium (AI) | 2025-07-08 |
| CVE-2025-0337 | Authorization bypass in Now Platform | Now Platform | CWE-639 | 6.5 | Medium | 2025-03-06 |
| CVE-2024-5890 | HTML Injection in the Assessment plugin | Now Platform | CWE-79 | 4.3 | Medium | 2024-12-02 |
| CVE-2024-8924 | Unauthenticated Blind SQL Injection in Core Platform | Now Platform | CWE-89 | 7.5 | High | 2024-10-29 |
| CVE-2024-8923 | Sandbox Escape in Now Platform | Now Platform | CWE-94 | 9.8 | Critical | 2024-10-29 |
| CVE-2024-5217 | Incomplete Input Validation in GlideExpression Script | Now Platform | CWE-184 | 9.8 | Critical | 2024-07-10 |
| CVE-2024-5178 | Incomplete Input Validation in SecurelyAccess API | Now Platform | CWE-184 | 4.9 | Medium | 2024-07-10 |
| CVE-2024-4879 | Jelly Template Injection Vulnerability in ServiceNow UI Macros | Now Platform | CWE-1287 | 9.8 | Critical | 2024-07-10 |
| CVE-2023-3442 | Missing Authorization in Jenkins plug-in for ServiceNow DevOps | Jenkins plug-in for ServiceNow DevOps | CWE-862 | 7.7 | High | 2023-07-26 |
| CVE-2023-3414 | Cross-Site Request Forgery (CSRF) in Jenkins Plug-in for ServiceNow DevOps | Jenkins plug-in for ServiceNow DevOps | CWE-352 | 6.1 | Medium | 2023-07-26 |
| CVE-2023-1298 | ServiceNow Cross-Site Scripting Vulnerability | Now User Experience | CWE-79 | 4.3 | Medium | 2023-07-06 |
| CVE-2022-43684 | ACL bypass in Reporting functionality | Now Platform | CWE-200 | 9.9 | Critical | 2023-06-13 |
| CVE-2023-1209 | ServiceNow Cross-Site Scripting Vulnerability | ServiceNow Records | CWE-79 | 4.3 | Medium | 2023-05-23 |
| CVE-2022-46389 | Cross-Site Scripting (XSS) vulnerability found on logout functionality | Now Platform | CWE-79 | 6.1 | Medium | 2023-04-17 |
| CVE-2022-46886 | ServiceNow Input Validation Error Vulnerability | ServiceNow | | 5.5 | Medium | 2023-04-14 |
| CVE-2022-39048 | Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect | Now Platform | | 6.1 | Medium | 2023-04-10 |

This page lists every published CVE security advisory associated with ServiceNow. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.