Servicenow

Servicenow

15 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2024-8924

  • EPSS 0.6%
  • Veröffentlicht 29.10.2024 17:15:04
  • Zuletzt bearbeitet 27.11.2024 19:32:01

ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ...

10

CVE-2024-8923

  • EPSS 0.83%
  • Veröffentlicht 29.10.2024 16:15:06
  • Zuletzt bearbeitet 27.11.2024 19:31:56

ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update...

9.8

CVE-2024-4879

Warnung Medienbericht
  • EPSS 94.35%
  • Veröffentlicht 10.07.2024 17:15:12
  • Zuletzt bearbeitet 03.11.2025 18:58:11

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platfo...

9.8

CVE-2024-5217

Warnung Medienbericht
  • EPSS 94.11%
  • Veröffentlicht 10.07.2024 17:15:12
  • Zuletzt bearbeitet 03.11.2025 18:58:17

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of ...

6.1

CVE-2023-1298

  • EPSS 0.92%
  • Veröffentlicht 06.07.2023 18:15:10
  • Zuletzt bearbeitet 17.12.2024 13:58:11

ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.

6.5

CVE-2022-43684

  • EPSS 0.2%
  • Veröffentlicht 13.06.2023 19:15:09
  • Zuletzt bearbeitet 13.02.2025 17:15:46

ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details This issue is present in the following supported ServiceNow releases: * Quebec prior...

5.4

CVE-2023-1209

  • EPSS 0.47%
  • Veröffentlicht 23.05.2023 17:15:08
  • Zuletzt bearbeitet 21.11.2024 07:38:40

Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.

6.1

CVE-2022-46389

  • EPSS 0.49%
  • Veröffentlicht 17.04.2023 22:15:07
  • Zuletzt bearbeitet 21.11.2024 07:30:30

There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to exec...

6.1

CVE-2022-46886

  • EPSS 0.11%
  • Veröffentlicht 14.04.2023 20:15:09
  • Zuletzt bearbeitet 06.02.2025 22:15:34

There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.

6.1

CVE-2022-39048

  • EPSS 20.22%
  • Veröffentlicht 10.04.2023 14:15:07
  • Zuletzt bearbeitet 07.02.2025 21:15:09

A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be...