WID-SEC-W-2025-2252
Vulnerability from csaf_certbund - Published: 2025-10-09 22:00 - Updated: 2025-10-09 22:00
Summary
ServiceNow Now Platform (AI Platform): Mehrere Schwachstellen ermöglichen Cross-Site Scripting
Severity
Mittel
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung: Die ServiceNow Now Platform ist eine Cloud-basierte Plattform, die Unternehmen bei der Automatisierung und Verwaltung ihrer Geschäftsprozesse unterstützt
Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ServiceNow Now Platform ausnutzen, um einen Cross-Site Scripting Angriff durchzuführen.
Betroffene Betriebssysteme: - Sonstiges
References
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Die ServiceNow Now Platform ist eine Cloud-basierte Plattform, die Unternehmen bei der Automatisierung und Verwaltung ihrer Gesch\u00e4ftsprozesse unterst\u00fctzt",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in ServiceNow Now Platform ausnutzen, um einen Cross-Site Scripting Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2025-2252 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2025/wid-sec-w-2025-2252.json"
},
{
"category": "self",
"summary": "WID-SEC-2025-2252 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-2252"
},
{
"category": "external",
"summary": "Service Now Knowledge Base vom 2025-10-09",
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB2552817"
}
],
"source_lang": "en-US",
"title": "ServiceNow Now Platform (AI Platform): Mehrere Schwachstellen erm\u00f6glichen Cross-Site Scripting",
"tracking": {
"current_release_date": "2025-10-09T22:00:00.000+00:00",
"generator": {
"date": "2025-10-10T09:44:51.972+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.4.0"
}
},
"id": "WID-SEC-W-2025-2252",
"initial_release_date": "2025-10-09T22:00:00.000+00:00",
"revision_history": [
{
"date": "2025-10-09T22:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "AI Platform Washington DC \u003c10 Hot Fix 7b",
"product": {
"name": "ServiceNow Now Platform AI Platform Washington DC \u003c10 Hot Fix 7b",
"product_id": "T047535"
}
},
{
"category": "product_version",
"name": "AI Platform Washington DC 10 Hot Fix 7b",
"product": {
"name": "ServiceNow Now Platform AI Platform Washington DC 10 Hot Fix 7b",
"product_id": "T047535-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:servicenow:now_platform:ai_platform_washington_dc__10_hot_fix_7b"
}
}
},
{
"category": "product_version_range",
"name": "AI Platform Xanadu \u003c10 Hot Fix 1a",
"product": {
"name": "ServiceNow Now Platform AI Platform Xanadu \u003c10 Hot Fix 1a",
"product_id": "T047536"
}
},
{
"category": "product_version",
"name": "AI Platform Xanadu 10 Hot Fix 1a",
"product": {
"name": "ServiceNow Now Platform AI Platform Xanadu 10 Hot Fix 1a",
"product_id": "T047536-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:servicenow:now_platform:ai_platform_xanadu__10_hot_fix_1a"
}
}
},
{
"category": "product_version_range",
"name": "AI Platform Xanadu \u003cPatch 11",
"product": {
"name": "ServiceNow Now Platform AI Platform Xanadu \u003cPatch 11",
"product_id": "T047537"
}
},
{
"category": "product_version",
"name": "AI Platform Xanadu Patch 11",
"product": {
"name": "ServiceNow Now Platform AI Platform Xanadu Patch 11",
"product_id": "T047537-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:servicenow:now_platform:ai_platform_xanadu__patch_11"
}
}
},
{
"category": "product_version_range",
"name": "AI Platform Yokohama \u003c10 Hot Fix 1a",
"product": {
"name": "ServiceNow Now Platform AI Platform Yokohama \u003c10 Hot Fix 1a",
"product_id": "T047538"
}
},
{
"category": "product_version",
"name": "AI Platform Yokohama 10 Hot Fix 1a",
"product": {
"name": "ServiceNow Now Platform AI Platform Yokohama 10 Hot Fix 1a",
"product_id": "T047538-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:servicenow:now_platform:ai_platform_yokohama__10_hot_fix_1a"
}
}
},
{
"category": "product_version_range",
"name": "AI Platform Yokohama \u003cPatch 8",
"product": {
"name": "ServiceNow Now Platform AI Platform Yokohama \u003cPatch 8",
"product_id": "T047539"
}
},
{
"category": "product_version",
"name": "AI Platform Yokohama Patch 8",
"product": {
"name": "ServiceNow Now Platform AI Platform Yokohama Patch 8",
"product_id": "T047539-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:servicenow:now_platform:ai_platform_yokohama__patch_8"
}
}
},
{
"category": "product_version_range",
"name": "AI Platform Yokohama \u003cPatch 9",
"product": {
"name": "ServiceNow Now Platform AI Platform Yokohama \u003cPatch 9",
"product_id": "T047540"
}
},
{
"category": "product_version",
"name": "AI Platform Yokohama Patch 9",
"product": {
"name": "ServiceNow Now Platform AI Platform Yokohama Patch 9",
"product_id": "T047540-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:servicenow:now_platform:ai_platform_yokohama__patch_9"
}
}
},
{
"category": "product_version_range",
"name": "AI Platform Zurich \u003c1 Hot Fix 1a",
"product": {
"name": "ServiceNow Now Platform AI Platform Zurich \u003c1 Hot Fix 1a",
"product_id": "T047541"
}
},
{
"category": "product_version",
"name": "AI Platform Zurich 1 Hot Fix 1a",
"product": {
"name": "ServiceNow Now Platform AI Platform Zurich 1 Hot Fix 1a",
"product_id": "T047541-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:servicenow:now_platform:ai_platform_zurich__1_hot_fix_1a"
}
}
},
{
"category": "product_version_range",
"name": "AI Platform Zurich \u003cPatch 2",
"product": {
"name": "ServiceNow Now Platform AI Platform Zurich \u003cPatch 2",
"product_id": "T047542"
}
},
{
"category": "product_version",
"name": "AI Platform Zurich Patch 2",
"product": {
"name": "ServiceNow Now Platform AI Platform Zurich Patch 2",
"product_id": "T047542-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:servicenow:now_platform:ai_platform_zurich__patch_2"
}
}
},
{
"category": "product_version_range",
"name": "AI Platform Zurich \u003cPatch 3",
"product": {
"name": "ServiceNow Now Platform AI Platform Zurich \u003cPatch 3",
"product_id": "T047543"
}
},
{
"category": "product_version",
"name": "AI Platform Zurich Patch 3",
"product": {
"name": "ServiceNow Now Platform AI Platform Zurich Patch 3",
"product_id": "T047543-fixed",
"product_identification_helper": {
"cpe": "cpe:/a:servicenow:now_platform:ai_platform_zurich__patch_3"
}
}
},
{
"category": "product_version",
"name": "AI Platform Australia General Availability (GA)",
"product": {
"name": "ServiceNow Now Platform AI Platform Australia General Availability (GA)",
"product_id": "T047544",
"product_identification_helper": {
"cpe": "cpe:/a:servicenow:now_platform:ai_platform_australia_general_availability_%28ga%29"
}
}
}
],
"category": "product_name",
"name": "Now Platform"
}
],
"category": "vendor",
"name": "ServiceNow"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-11449",
"product_status": {
"known_affected": [
"T047537",
"T047538",
"T047535",
"T047536",
"T047539",
"T047540",
"T047541",
"T047544",
"T047542",
"T047543"
]
},
"release_date": "2025-10-09T22:00:00.000+00:00",
"title": "CVE-2025-11449"
},
{
"cve": "CVE-2025-11450",
"product_status": {
"known_affected": [
"T047537",
"T047538",
"T047535",
"T047536",
"T047539",
"T047540",
"T047541",
"T047544",
"T047542",
"T047543"
]
},
"release_date": "2025-10-09T22:00:00.000+00:00",
"title": "CVE-2025-11450"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.