Multiple vulnerabilities in ServiceNow



Updated: 2025-05-05
Risk: Medium
Patch available: YES
Number of vulnerabilities: 54
CVE-ID: CVE-2025-0337
CWE-ID: CWE-20, CWE-284
Exploitation vector: Network
Public exploit: N/A
Vulnerable software: ServiceNow (Server applications / Other server solutions)
Vendor: ServiceNow

Security Bulletin

This security bulletin contains information about 54 vulnerabilities.

1) Improper input validation

EUVDB-ID: #VU108640

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Seismic Framework component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Improper input validation

EUVDB-ID: #VU108629

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Mobile Platform component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Improper input validation

EUVDB-ID: #VU108630

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Mordor component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Improper input validation

EUVDB-ID: #VU108631

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Now Code Editor component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Improper input validation

EUVDB-ID: #VU108632

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Now Experience Framework component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Improper input validation

EUVDB-ID: #VU108633

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the On-Call Scheduling component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Improper input validation

EUVDB-ID: #VU108634

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Performance Analytics component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Improper input validation

EUVDB-ID: #VU108635

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Performance Analytics Dashboards component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Improper input validation

EUVDB-ID: #VU108636

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Performance Dashboards component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Improper input validation

EUVDB-ID: #VU108637

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Platform Analytics Migration API component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

11) Improper input validation

EUVDB-ID: #VU108638

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Platform Analytics Migration Center component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Improper input validation

EUVDB-ID: #VU108639

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Project Management component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

13) Improper input validation

EUVDB-ID: #VU108641

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Server-side scripts component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Improper input validation

EUVDB-ID: #VU108627

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Machine Learning APIs component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Improper input validation

EUVDB-ID: #VU108642

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Service Catalog component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Improper input validation

EUVDB-ID: #VU108643

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Service Management Virtual Agent Topic Blocks component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Improper input validation

EUVDB-ID: #VU108644

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Service Portal Core Widgets component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Improper input validation

EUVDB-ID: #VU108645

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Survey Management component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Improper input validation

EUVDB-ID: #VU108646

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the System Update Sets component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Improper input validation

EUVDB-ID: #VU108647

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the UI Field Administration component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Improper input validation

EUVDB-ID: #VU108648

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the UX Framework component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) Improper input validation

EUVDB-ID: #VU108649

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Universal Request component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Improper input validation

EUVDB-ID: #VU108650

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Walk-Up Experience component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Improper input validation

EUVDB-ID: #VU108651

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Work Order Management component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) Improper input validation

EUVDB-ID: #VU108628

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the MetricBase component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper input validation

EUVDB-ID: #VU108626

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the MID Server component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Improper input validation

EUVDB-ID: #VU108599

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the AI Search component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) Improper input validation

EUVDB-ID: #VU108611

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Database Persistence component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Improper input validation

EUVDB-ID: #VU108600

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Activity Stream component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Improper input validation

EUVDB-ID: #VU108601

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Agent Assist component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Improper input validation

EUVDB-ID: #VU108602

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Analytics Export API component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Improper input validation

EUVDB-ID: #VU108603

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Asynchronous Message Bus (AMB) component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

33) Improper input validation

EUVDB-ID: #VU108604

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Attachment REST API component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

34) Improper input validation

EUVDB-ID: #VU108605

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Automated Test Framework (ATF) component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

35) Improper input validation

EUVDB-ID: #VU108606

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Case and Knowledge Management for HR Service Delivery component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

36) Improper input validation

EUVDB-ID: #VU108607

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Communities component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

37) Improper input validation

EUVDB-ID: #VU108608

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Content Experiences component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

38) Improper input validation

EUVDB-ID: #VU108609

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Content Governance component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

39) Improper input validation

EUVDB-ID: #VU108610

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Core Platform component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

40) Improper input validation

EUVDB-ID: #VU108612

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Domain Separation component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

41) Improper input validation

EUVDB-ID: #VU108625

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Localization Framework component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

42) Improper input validation

EUVDB-ID: #VU108613

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Email Notifications component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

43) Improper input validation

EUVDB-ID: #VU108614

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Flow Engine component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

44) Improper input validation

EUVDB-ID: #VU108615

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Form Controller component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

45) Improper input validation

EUVDB-ID: #VU108616

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the GRC Platform Plugins component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

46) Improper input validation

EUVDB-ID: #VU108617

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Glide Server APIs component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

47) Improper input validation

EUVDB-ID: #VU108618

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the HR Service Delivery component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

48) Improper input validation

EUVDB-ID: #VU108619

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the HTML Sanitizer component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

49) Improper input validation

EUVDB-ID: #VU108620

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Identity component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

50) Improper input validation

EUVDB-ID: #VU108621

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Integration Hub component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

51) Improper input validation

EUVDB-ID: #VU108622

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Knowledge Management component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

52) Improper input validation

EUVDB-ID: #VU108623

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the Lifecycle Events component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

53) Improper input validation

EUVDB-ID: #VU108624

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: N/A

CWE-ID: CWE-20 - Improper input validation

Exploit availability: No

Description

The vulnerability allows a remote user to bypass implemented security restrictions.

The vulnerability exists due to an unspecified issue within the List Administration component. A remote user can bypass implemented security restrictions.

Mitigation

Upgrade to the latest version.

Vulnerable software versions

ServiceNow: Washington DC Patch 1 - Washington DC Patch 8 Hotfix 2

CPE2.3 External links

https://servicenow-be-prod.servicenow.com/bundle/washingtondc-prbrn/page/release-notes/dfrn2-washingtondc-onebundle/PRBs-W09.00-W10.04.html
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1709724


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

54) Improper access control

EUVDB-ID: #VU108653

Risk: Medium

CVSSv4.0: 1.3 [CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2025-0337

CWE-ID: CWE-284 - Improper Access Control

Exploit availability: No

Description

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and gain unauthorized access to the application.

Mitigation

Install updates from vendor's website.

Vulnerable software versions

ServiceNow: Xanadu - Xanadu Hotfix 1

CPE2.3 External links

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1948695


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


