Product: servicenow
19 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
| CVE | Affected versions | Description | CVSS | Severity |
|---|---|---|---|---|
| CVE-2025-12420 | < 5.1.18 | A vulnerability has been identified in the ServiceNow AI Platform that could enable an unauthenticated user to impersonate another | 9.8 | CRITICAL |
| CVE-2024-8924 | all versions | ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could ena | 7.5 | HIGH |
| CVE-2024-8923 | all versions | ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enabl | 9.8 | CRITICAL |
| CVE-2024-5217 | all versions | ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Pl | 9.8 | CRITICAL |
| CVE-2024-4879 | all versions | ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform release | 9.8 | CRITICAL |
| CVE-2023-1298 | all versions | ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified | 4.3 | MEDIUM |
| CVE-2022-43684 | all versions | ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functiona | 9.9 | CRITICAL |
| CVE-2023-1209 | all versions | Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scri | 4.3 | MEDIUM |
| CVE-2022-46389 | all versions | There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Pa | 6.1 | MEDIUM |
| CVE-2022-46886 | all versions | There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users | 5.5 | MEDIUM |
| CVE-2022-39048 | all versions | A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would | 6.1 | MEDIUM |
| CVE-2022-42704 | all versions | A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, an | 5.4 | MEDIUM |
| CVE-2022-38463 | all versions | ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality. | 6.1 | MEDIUM |
| CVE-2022-38172 | all versions | ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytic | 6.1 | MEDIUM |
| CVE-2021-45901 | all versions | The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether | 5.3 | MEDIUM |
| CVE-2019-20768 | all versions | ServiceNow IT Service Management Kingston through Patch 14-1, London through Patch 7, and Madrid before patch 4 allow stored XSS v | 5.4 | MEDIUM |
| CVE-2019-0032 | >= 15.1r1 and < 18.1r1 | A password management issue exists where the Organization authentication username and password were stored in plaintext in log fil | 7.8 | HIGH |
| CVE-2018-7748 | all versions | report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' | 8.8 | HIGH |
| CVE-2018-8720 | all versions | ServiceNow ITSM 2016-06-02 has XSS via the First Name or Last Name field of My Profile (aka navpage.do), or the Search bar of My P | 5.4 | MEDIUM |
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin