Skip to main content

SNOW-2.1: Unsafe Script Pattern in Agent Tool

๐Ÿšจ Critical ยท ServiceNow Script Safety

Detects unsafe scripting patterns in agent-accessible Script Includes and Script Tools. Patterns include eval(), GlideEvaluator, Packages.java, GlideSystemScript, and direct SQL via GlideDBQuery โ€” all of which can be exploited through prompt injection to achieve remote code execution.

Detailsโ€‹

FieldValue
Rule IDSNOW-2.1
SeverityCritical
CategoryServiceNow Script Safety
Platformsservicenow

Remediationโ€‹

Refer to the SquireX documentation for remediation guidance specific to SNOW-2.1.

See Alsoโ€‹