Servicenow Now Platform
11 CVEs affecting Servicenow Now Platform. Latest disclosed: 2025-07-08. Critical: 4, High: 1.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2022-43684 | Critical | 9.9 | 2023-06-13 | ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality. Additional Details … |
CVE-2024-8923 | Critical | 9.8 | 2024-10-29 | ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to… |
CVE-2024-5217 | Critical | 9.8 | 2024-07-10 | ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnera… |
CVE-2024-4879 | Critical | 9.8 | 2024-07-10 | ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could e… |
CVE-2024-8924 | High | 7.5 | 2024-10-29 | ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user t… |
CVE-2025-0337 | Medium | 6.5 | 2025-03-06 | ServiceNow has addressed an authorization bypass vulnerability that was identified in the Washington release of the Now Platform. This vulnerability, if exploi… |
CVE-2022-46389 | Medium | 6.1 | 2023-04-17 | There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego P… |
CVE-2022-39048 | Medium | 6.1 | 2023-04-10 | A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenti… |
CVE-2024-5178 | Medium | 4.9 | 2024-07-10 | ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerab… |
CVE-2024-5890 | Medium | 4.3 | 2024-12-02 | ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticate… |
CVE-2025-3648 | | 2025-07-08 | A vulnerability has been identified in the Now Platform that could result in data being inferred without authorization. Under certain conditional access contro… |