Invicti - ServiceNow Application Vulnerable item source severity change by SecCommon System user
12-15-2025 06:32 AM
When the AVIT was created from Invicti, the source severity was High. But then it shows that user SecCommon System updated the Risk Score and Risk Rating from High to Medium. When we checked, we could see changes in the Vulnerability table sn_vul_app_vul_entry. It too shows that the same user has updated the record. When we checked with Invicti, the source severity is High at their end. Can anyone tell what it means by "updated by SecCommon System user"? Does the source severity get changed after creation, and from where does it get changed?
12-17-2025 07:58 AM
Can you please open a ServiceNow case task with the necessary details? We'll have the right folks look into this.
02-02-2026 09:35 PM
The severity was changed due to a change in the Vulnerability severity (Medium) instead of the AVIT severity (High). In ServiceNow, when the Vulnerability severity is changed, the severity of all the related AVITs is changed.
2 weeks ago
Did anyone find the source here? We see whatever it is running separately from the integration runs, a little after midnight (last batch was around 12:13 AM).
We are having a similar issue, though in our case the Risk is increased and the VIT is left incorrectly in the low risk assignment group. I don't know why the recalculation is not set to re-assign when a VIT is significantly changed like this, particularly in VITs that are still Open.
FYI - We do have a workaround for our issue, though: The scheduled job "Reapply all vulnerability assignment rules" calls "sn_vul.AssignmentUtils().evaluateAssignmentRules()" which does a broad re-run of all assignment rules on all VIT (A/C/VIT). It is set to turn itself off again whenever it is run, but on our system it took 0.06 seconds to run, so we are considering it as a daily job after the recalcs run a little after midnight.
