The ServiceNow® Vulnerability Response application brings security and IT together to enable you to remediate your most critical vulnerabilities more quickly and efficiently. Vulnerability Response was enhanced and updated in the Yokohama release.

Vulnerability Response highlights for the Yokohama release

  • With the sn_vul.vulnerability_analyst or sn_vul.vulnerability_admin role, create host remediation tasks manually in the Vulnerability Manager Workspace.
  • With the sn_vul.remediation_owner role, create host remediation tasks manually in the IT Remediation Workspace.

See Vulnerability Response for more information about the Vulnerability Response application. See the Vulnerability Response Compatibility Matrix and Release Schema Changes Knowledge Base article for more information about released Security Operations applications and their version compatibility.

Important: Vulnerability Response is available in the ServiceNow Store. For details, see the "Activation information" section of these release notes.

New in the Yokohama release

Create host remediation tasks manually in the Vulnerability Manager Workspace
With the sn_vul.vulnerability_analyst or sn_vul.vulnerability_admin role, you can create host remediation tasks manually by selecting some or all of the records in the Host vulnerable items lists in the Vulnerability Manager Workspace. These records are grouped into one or more remediation tasks according to the grouping criteria selected while creating host remediation tasks.
Create host remediation tasks manually in the IT Remediation Workspace

With the sn_vul.remediation_owner role, you can create host remediation tasks manually by selecting the desired records in the Host vulnerable items lists in the IT Remediation Workspace. These records are grouped into one or more remediation tasks according to the grouping criteria selected while creating host remediation tasks.

Questionnaire Support in Exception Management via Smart Assessment
Configure advanced questionnaires as part of the exception management process using Smart Assessment. This enhancement allows remediation owners to provide detailed context for exception requests and enables approvers to configure conditional questions to gather information for informed decision making.
  • Collaboration and streamlined approval: Facilitate collaboration between your vulnerability management and remediation teams by streamlining the approval process with clear and complete exception justifications.
  • Mandatory questionnaires: Block the submission of exception requests until mandatory questionnaires are completed. If a questionnaire is marked as mandatory, the test results and its associated remediation tasks remain in the 'Open' state until the questionnaire is completed and submitted.
  • If the questionnaire is incomplete, the state change approval record is saved as 'Draft'. Only after completing the questionnaire can the user submit the exception request, which will then move the test results or remediation tasks to the 'In Review' state.
Lookup rules enhancements
When you reapply Lookup rules, Discovered items (DIs) that have been inactive for more than 90 days are ignored. These DIs are also excluded from licensing considerations. Removing them from the lookup logic can improve performance and reduce processing time.
  • Background job enhancements: New fields have been added to help you view successfully evaluated records, the time taken for processing, the time remaining, and an estimated number of records.
  • Improved accuracy for non-CSDM Vulnerability Response users: A system property (sn_sec_cmn.ci_lifecycle_status_source) has been introduced to help users who do not follow Common Service Data Model (CSDM) standards. This property ensures that Discovered items (DIs) and associated VITs are properly marked as Decommissioned and are excluded from the CI Lookup. Additionally, the Retired Configuration Items PA indicator has been updated to accurately reflect CIs based on the decommissioning flags.
Tenable.cs integrations with the Vulnerability Response and Container Vulnerability Response applications
The Vulnerability Response Integration with Tenable application now supports data ingestion from Tenable.cs, enabling you to bring cloud and container vulnerabilities directly into ServiceNow. This integration enhances your ability to prioritize and remediate vulnerabilities identified in Tenable cloud resources and container images. Key capabilities are:
  • Importing vulnerabilities discovered by Tenable.cs in cloud hosts and container images into ServiceNow automatically.
  • Enabling remediation workflows to triage, assign, and resolve the most critical vulnerabilities across cloud-native and containerized environments.
  • Using the Setup Assistant to easily configure credentials and integration parameters—get started with minimal manual setup.
  • Scheduling jobs to run periodically to import findings from Tenable.cs, create vulnerable items (for cloud hosts), create container vulnerable items and associate them with the relevant cloud resources and container image records.
Assess vulnerability exposure by publisher
Starting with v5.0 of Vulnerability Exposure Assessment, a publisher-based assessment is introduced that enables you to assess the vulnerability impact by vendor, for example, Microsoft and Red Hat. By focusing on recently disclosed vulnerabilities from critical vendors, you can prioritize remediation and proactively address threats, improving your overall security posture.
View risk score details of a vulnerable item in the Work notes section
Starting with v25.0.3 of Vulnerability Response, the system property sn_sec_cmn.risk_score_changes_add_worknotes is inactive by default. Only if you enable it can you see all the changes related to the risk score of a vulnerable item in the Work notes section. Additionally, the work notes are updated only if there’s a change in the risk score.
Quick Start Tests for Vulnerability Response

After upgrades and deployments of new applications or integrations, run quick start tests to verify that Vulnerability Response works as expected. If you customized Vulnerability Response, copy the quick start tests and configure them for your customizations.

Enhancements to exception rules handling
  • Exception rules are reevaluated with nightly scheduled jobs.
  • Vulnerable items that no longer match exception rule conditions are unlinked from remediation tasks.
  • A deferred vulnerable item (VIT) is reopened if it doesn’t match any active exception rules.
  • Exception rules don’t create remediation tasks. VITs are deferred directly and aren’t associated with a remediation task.
Tenable's endpoint scanning integration
Support for Tenable's endpoint scanning integration to retrieve scan metadata. The integration fetches scan details using the last_schedule_id from existing asset data in Tenable.io.
Reopened Count field on vulnerable items
Added the Reopened Count field on vulnerable items to track the number of times their states change from 'Closed' to 'Open' or to 'Active'.
Out-of-the-box vendor advisories via Common Security Advisory Framework (CSAF) integration
The following vendor advisories are configured out-of-the-box and are automatically activated when the Solution Management plugin is enabled: Red Hat and SUSE.

Activation information

Install Vulnerability Response by requesting it from the ServiceNow Store. Visit the ServiceNow Store website to view all the available apps and for information about submitting requests to the store. For cumulative release notes information for all released apps, see the ServiceNow Store version history release notes.