SB2024120581 - Multiple vulnerabilities in ServiceNow
Published: December 5, 2024 Updated: May 5, 2025
Description
This security bulletin contains information about 54 security vulnerabilities.
1) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Seismic Framework component. A remote user can bypass implemented security restrictions.
2) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Mobile Platform component. A remote user can bypass implemented security restrictions.
3) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Mordor component. A remote user can bypass implemented security restrictions.
4) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Now Code Editor component. A remote user can bypass implemented security restrictions.
5) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Now Experience Framework component. A remote user can bypass implemented security restrictions.
6) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the On-Call Scheduling component. A remote user can bypass implemented security restrictions.
7) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Performance Analytics component. A remote user can bypass implemented security restrictions.
8) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Performance Analytics Dashboards component. A remote user can bypass implemented security restrictions.
9) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Performance Dashboards component. A remote user can bypass implemented security restrictions.
10) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Platform Analytics Migration API component. A remote user can bypass implemented security restrictions.
11) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Platform Analytics Migration Center component. A remote user can bypass implemented security restrictions.
12) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Project Management component. A remote user can bypass implemented security restrictions.
13) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Server-side scripts component. A remote user can bypass implemented security restrictions.
14) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Machine Learning APIs component. A remote user can bypass implemented security restrictions.
15) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Service Catalog component. A remote user can bypass implemented security restrictions.
16) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Service Management Virtual Agent Topic Blocks component. A remote user can bypass implemented security restrictions.
17) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Service Portal Core Widgets component. A remote user can bypass implemented security restrictions.
18) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Survey Management component. A remote user can bypass implemented security restrictions.
19) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the System Update Sets component. A remote user can bypass implemented security restrictions.
20) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the UI Field Administration component. A remote user can bypass implemented security restrictions.
21) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the UX Framework component. A remote user can bypass implemented security restrictions.
22) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Universal Request component. A remote user can bypass implemented security restrictions.
23) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Walk-Up Experience component. A remote user can bypass implemented security restrictions.
24) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Work Order Management component. A remote user can bypass implemented security restrictions.
25) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the MetricBase component. A remote user can bypass implemented security restrictions.
26) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the MID Server component. A remote user can bypass implemented security restrictions.
27) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the AI Search component. A remote user can bypass implemented security restrictions.
28) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Database Persistence component. A remote user can bypass implemented security restrictions.
29) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Activity Stream component. A remote user can bypass implemented security restrictions.
30) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Agent Assist component. A remote user can bypass implemented security restrictions.
31) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Analytics Export API component. A remote user can bypass implemented security restrictions.
32) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Asynchronous Message Bus (AMB) component. A remote user can bypass implemented security restrictions.
33) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Attachment REST API component. A remote user can bypass implemented security restrictions.
34) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Automated Test Framework (ATF) component. A remote user can bypass implemented security restrictions.
35) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Case and Knowledge Management for HR Service Delivery component. A remote user can bypass implemented security restrictions.
36) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Communities component. A remote user can bypass implemented security restrictions.
37) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Content Experiences component. A remote user can bypass implemented security restrictions.
38) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Content Governance component. A remote user can bypass implemented security restrictions.
39) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Core Platform component. A remote user can bypass implemented security restrictions.
40) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Domain Separation component. A remote user can bypass implemented security restrictions.
41) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Localization Framework component. A remote user can bypass implemented security restrictions.
42) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Email Notifications component. A remote user can bypass implemented security restrictions.
43) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Flow Engine component. A remote user can bypass implemented security restrictions.
44) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Form Controller component. A remote user can bypass implemented security restrictions.
45) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the GRC Platform Plugins component. A remote user can bypass implemented security restrictions.
46) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Glide Server APIs component. A remote user can bypass implemented security restrictions.
47) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the HR Service Delivery component. A remote user can bypass implemented security restrictions.
48) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the HTML Sanitizer component. A remote user can bypass implemented security restrictions.
49) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Identity component. A remote user can bypass implemented security restrictions.
50) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Integration Hub component. A remote user can bypass implemented security restrictions.
51) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Knowledge Management component. A remote user can bypass implemented security restrictions.
52) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the Lifecycle Events component. A remote user can bypass implemented security restrictions.
53) Improper input validation (CVE-ID: N/A)
The vulnerability allows a remote user to bypass implemented security restrictions.
The vulnerability exists due to an unspecified issue within the List Administration component. A remote user can bypass implemented security restrictions.
54) Improper access control (CVE-ID: CVE-2025-0337)
The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.
Remediation
Install the update from the vendor's website.