Exciting news! Thirdera has been acquired by Cognizant.

Contact Us
language switcher Language:

Get Ready for ServiceNow Vulnerability Response NVD Integration Deprecation

In the ever-evolving landscape of cybersecurity, staying ahead of vulnerabilities is crucial. As organizations strive to fortify their defenses, tools like ServiceNow Vulnerability Response play a pivotal role. However, recent developments in the National Vulnerability Database (NVD) will require users to upgrade their ServiceNow Vulnerability Response plugins to support the new 2.0 API.


The Evolution of NVD

The NVD has long been a cornerstone for cybersecurity professionals, providing a comprehensive repository of vulnerability information. Recognizing the need for improvement, the NVD has deprecated its 1.0 API, signaling a shift towards a more robust and feature-rich 2.0 API.


Why the Upgrade Matters

For ServiceNow users leveraging the Vulnerability Response application, the deprecation of the 1.0 API means that existing integrations will no longer be supported as of December 15th, 2023. If users do not transition to the 2.0 API before this day, the NVD integration will no longer be functional. To maintain seamless vulnerability management and ensure your organization is equipped to handle the latest threats, it's imperative to upgrade your NVD plugin to support the 2.0 API. The below plugin versions are required to support the NVD 2.0 API:

  • Vulnerability Response Integration with NVD: 1.3.3 or newer (1.4.2 Recommended)
  • Vulnerability Response: 17.1.4 or newer (20.2.3 Recommended)

Once the plugins have been upgraded, you will need to activate the new integration jobs that leverage the 2.0 API. 



An additional consideration while upgrading the integration is to begin using an API key if you are not already. While not required, using an API key increases the API call limit to the NVD and reduces integration job failures due to rate limiting.


What's next? 

For ServiceNow Vulnerability Response users, the transition should be seamless once the new jobs are activated. If you would like to find more information on the differences between the 1.0 API and 2.0 API, see the transition guide on NIST's NVD website.

NVD API Key Information is available here

ServiceNow has provided information about this change on the Security Operations community page


Tommy LaMonte

Tommy is part of Thirdera's ServiceNow Security and Risk practice with over 9 years of experience on the ServiceNow platform. He has guided customers through a variety of ServiceNow implementations and improvements across ITSM, SecOps, IRM and more, from identifying areas to get the most value out of implementations to architecting best practice solutions.
[blog, security-risk] [Blog, Security & Risk]