Notifications

158 views

Description

Risk Assessment assigns incorrect risk value to a change request if all questions are answered with the lowest scoring option. This issue occurs if the threshold on the lowest risk is changed from 0 to a number equal or greater to the number of questions minus one.

Steps to Reproduce

  1. Activate the Risk Assessment plugin.
  2. Modify the Low Threshold in the Change Risk Assessment from 0 to 4.
  3. Create a new Emergency Change Request and save it.
    3. Complete Risk Assessment only picking the following options: "Not critical", "Easy", "Easy", "Yes", "Easy". Observe only the risk conditions affect the change request.
  4. Navigate to the asmt_metric_result.list.
  5. Add the Normalized Value column to the list view.
  6. Filter on source column by the number of Change Request previously created. Observe one of the metrics has a negative normalized value.

Workaround

This problem has been fixed. If you are able to upgrade, review the Fixed In section to determine the latest version with a permanent fix your instance can be upgraded to.

As a workaround, the low risk threshold should be always set to 0. As this is the lowest possible total for the assessment, this ensures the risk is still assigned correctly in case the questions become non-mandatory or removed.


Related Problem: PRB1375719

Seen In

SR - IRM - Audit Management - New York 2019 Q3
SR - IRM - GRC Profiles - Madrid 2019 Q2
SR - IRM - Policy and Compliance - Madrid 2019 Q2
SR - IRM - Risk Management - New York 2019 Q3
SR - Security - Integration Framework - Madrid 2019 Q2
SR - Security - Support Common - Madrid 2019 Q2
SR - Security - Support Orchestration - Madrid 2019 Q2
SR - SIR - PhishTank Kingston r1 - v5.0.9
SR - SIR - RiskIQ Integration - New York 2019 Q3
SR - SIR - Security Incident Response - Madrid 2019 Q2
SR - SIR - Security Incident Response PA Content - New York 2019 Q3
SR - SIR - Security Incident Response UI Patch - London 2019 Q2 v.6.2.3
SR - SIR - Store SecOps Setup Assistant - Madrid 2019 Q2
SR - SIR - Store Threat Core - Madrid 2019 Q2
SR - SIR - Store Trusted Security Circles Client - New York 2019 Q3
SR - SIR - Threat intelligence - New York 2019 Q3
SR - SIR - VirusTotal Integration - New York 2019 Q3
SR - VR - Solution Management Madrid Q2
SR - VR - Vulnerability Response - New York 2019 Q3
SR - VR - Vulnerability Response PA Content - Madrid 2019 Q2

Intended Fix Version

Paris

Fixed In

New York Patch 7
Orlando Patch 2

Safe Harbor Statement

This "Intended Fix Version" information is meant to outline ServiceNow's general product direction and should not be relied upon in making a purchasing decision. The information provided here is for information purposes only and may not be incorporated into any contract. It is not a commitment, promise, or legal obligation to deliver any material, code, or functionality. The development, release, and timing of any features or functionality described for our products remains at ServiceNow's sole discretion.

Associated Community Threads

There is no data to report.

Article Information

Last Updated:2020-05-28 01:07:41
Published:2020-03-07