Vulnerabilities in ServiceNow

21 results
CVE-2024-4879 | CRITICAL | Jelly Template Injection Vulnerability in ServiceNow UI Macros | EPSS 100.0% | KEV
CVE-2024-5217 | CRITICAL | Incomplete Input Validation in GlideExpression Script | EPSS 99.6% | KEV
CVE-2025-12420 | CRITICAL | Unauthenticated Privilege Escalation in ServiceNow AI Platform | EPSS 45.5%
CVE-2024-5178 | MEDIUM | Incomplete Input Validation in SecurelyAccess API | EPSS 33.6%
CVE-2022-43684 | CRITICAL | ACL bypass in Reporting functionality | EPSS 1.8%
CVE-2025-3648 | HIGH | Data Inference in Now Platform via Conditional ACLs | EPSS 1.7%
CVE-2024-8923 | CRITICAL | Sandbox Escape in Now Platform | EPSS 1.1%
CVE-2022-39048 | MEDIUM | Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect | EPSS 1.1%
CVE-2026-0542 | CRITICAL | Remote Code Execution in ServiceNow AI Platform | EPSS 0.6%
CVE-2023-3442 | HIGH | Missing Authorization in Jenkins plug-in for ServiceNow DevOps | EPSS 0.6%
CVE-2022-46389 | MEDIUM | Cross-Site Scripting (XSS) vulnerability found on logout functionality | EPSS 0.6%
CVE-2024-8924 | HIGH | Unauthenticated Blind SQL Injection in Core Platform | EPSS 0.5%
CVE-2025-3089 | MEDIUM | Broken Access Control in ServiceNow AI Platform | EPSS 0.4%
CVE-2023-1209 | MEDIUM | Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts. | EPSS 0.4%
CVE-2025-0337 | HIGH | Authorization bypass in Now Platform | EPSS 0.4%
CVE-2023-3414 | MEDIUM | Cross-Site Request Forgery (CSRF) in Jenkins Plug-in for ServiceNow DevOps | EPSS 0.4%
CVE-2023-1298 | MEDIUM | ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the Se | EPSS 0.3%
CVE-2025-11450 | MEDIUM | Reflected Cross Site Scripting in ServiceNow AI Platform | EPSS 0.3%
CVE-2025-11449 | MEDIUM | Reflected Cross Site Scripting in ServiceNow AI Platform | EPSS 0.3%
CVE-2022-46886 | MEDIUM | There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitr | EPSS 0.3%