ServiceNow AI Platform Broken Access Control Vulnerability

Vulnerability

A broken access control vulnerability has been identified in the ServiceNow AI Platform. This issue allows low-privileged users to bypass access restrictions and execute a limited range of actions usually reserved for users with higher privileges, potentially leading to unauthorized modifications of data.

Impact

Exploitation of this vulnerability could result in unauthorized data changes by allowing low-privileged users to access and modify data or perform actions typically restricted to higher-privileged users.

Remediation

Users can apply the patches available in the Washington DC Patch 10 Hot Fix 2a, Xanadu Patch 7a, Xanadu Patch 8, Yokohama Patch 1a, or Yokohama Patch 2.

Added: Aug 12, 2025, 4:31 PM
Updated: Aug 12, 2025, 4:31 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 3.1
exploitability: 5.2
remediation: 7.7
relevance: 0.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.