Find your people. Pick a challenge. Ship something real. The CreatorCon Hackathon is coming to the Community Pavilion for one epic night. Every skill level, every role welcome. Join us on May 5th and learn more here.

Essential Information: VR to USEM Upgrade Guidance

andy_ojha
ServiceNow Employee

‎12-19-2025 03:53 PM - edited ‎03-20-2026 02:20 PM

USEM Launch Details 

USEM - Unified Security Exposure Management - is the next evolution of Vulnerability Response (VR)

  • USEM features are made available in Vulnerability Response v30x

  • Vulnerability Response v30x was officially launched and released on Dec 11, 2025

It is essential to carefully review the following information to ensure a successful deployment of USEM on your ServiceNow instance.  

USEM Upgrade Timeline Guidance 

Customers are encouraged to start planning to upgrade their existing Vulnerability Response (VR) deployments to VR v30x (USEM Functionality) at this time.  Several resources are available via the SecOps Resource Library (USEM Page).

 

When will it be mandatory, to upgrade to USEM Functionality (VR v30x)?

  • Current guidance at this time, is that USEM (VR v30x) will be the minimum supported version of VR as customers upgrade to the Brazil Platform Family Release 

  • This means, if you have a version of Vulnerability Response (VR) installed, and it is not on the USEM version (VR v30x or higher) - when you upgrade your ServiceNow Platform to the Brazil family release, your Vulnerability Response (VR) implementation will automatically be forced to the USEM version (VR v30x)

    • In this situation, you will need to complete the VR -> USEM Migration via the USEM Migration Assistant 

    • This is not an ideal path, as generally this may not provide enough time for testing/validation/communication/enablement

  • Customers are strongly encouraged to plan and perform their migration to USEM Functionality (VR v30x) prior to the "forced true-up" that the Brazil family platform release 

 

USEM call to action.png

 

 

USEM Store App Guidance


Installing VR for the first time (new installation)

  • Proceed to using the Application Manager on your ServiceNow instance 

  • Install the current v30x of Vulnerability Response 

    • As of Jan 2026, this will be version 30.2.5 of Vulnerability Response (sn_vul)

    • This will automatically install related dependencies for USEM functionality

    • USEM functionality is delivered with VR v30x (i.e. v30.0.0 or higher)


Upgrading Existing VR Installation to USEM

  • IMPORTANT: Do NOT use the Application Manager on your ServiceNow instance for upgrading VR to USEM (VR v30x)

  • ServiceNow has created a utility called the "Migration Assistant for USEM"

    • This utility, should be used to handle the Store App upgrade from VR to USEM (VR v30x)

    • This utility, also handles the data migration involved with this upgrade of VR to USEM (VR v30x)

    • The first step of the VR to USEM Migration, involves installing the Store App named "Unified Security Exposure Management"

      • This WILL NOT trigger the actual VR -> USEM (VR v30x) Upgrade

      • This will simply provide access to the USEM Migration Assistant

  • Please review the Support Knowledge Base Article (Support login required)


Upgrading VR to USEM - Please Use the Migration Assistant for USEM (do not use Application Manager)

andy_ojha_0-1766181295233.png

 

Additional Resources 

For more information on USEM capabilities - please review the following Community Article:

 

  • 4,956 Views
Comments
Simon Hendery
Tera Patron
‎12-19-2025 04:16 PM

Exciting! USEM is a big deal. 

BradleyGSource
Tera Contributor
2 weeks ago

The migration tool only allows you to upgrade your applications to the most recent version of each application in the suite. This is likely an edge case however I am in the process of performing our upgrade and new versions have been released. This has prevented me from using the migration tool to upgrade to the versions that we have tested.

 

Additionally, it would appear as if the most recent version of Vulnerability Response has a dependency on 'Central Vulnerability Database' which appears to be a paid application that requires a subscription. It looks like users will be strongarmed to pay more for the continued use of some of the VR suite.

 

This has put a downer on my weekend, given that i am in the middle of a change/upgrade.

0 Helpfuls
Sarath S
ServiceNow Employee
Wednesday

Hi @Bradley,

Thanks for raising this  and I completely understand the frustration, especially in the middle of an upgrade window. I want to clarify one important point: customers entitled to Vulnerability Response (VR) are automatically entitled to the Central Vulnerability Database (CVDB) Store application. There is no additional licensing or subscription required.

 

Central Vulnerability Database is supported only with the USEM version. 

 

Thanks,

Sarath S

0 Helpfuls
BradleyGSource
Tera Contributor
Thursday

This wasn't the case during our upgrade. We have now been told that there must have been some sort of sync issue with our subscription.

0 Helpfuls
Version history
Last update:
‎03-20-2026 02:20 PM
Updated by:
ServiceNow Employee
Contributors