Vulnerability Response application does not populate NVD and CVSS 3.0 librariesIssue After Vulnerability Response application is installed, the below scheduled jobs should be executed to populate CWE, NVD and Third Party libraries in the instance: CWE Comprehensive 2000 IntegrationNIST National Vulnerability Database Even though the job is executed, the data is not populated in the instance. ReleaseAll versionsCauseWhen the jobs are executed, the Outbound HTTP calls are sent from ServiceNow to below end points : nvd.nist.gov cwe.mitre.org The script include "NVDDownload" is responsible for triggering the API calls. Running the code below (from Script include) in the background script returns a list of URLS which will be used as end points to retrieve the libraries. var nvdGr=new GlideRecord("sn_vul_nvd_repo");var query = "use_legacy=false^ORuse_legacy=null";nvdGr.addActiveQuery();nvdGr.addEncodedQuery(query);nvdGr.query();while(nvdGr.next()) {gs.log(nvdGr.getValue("json_url"));} Results from script : *** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2015.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2013.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2009.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2006.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2019.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2012.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2018.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2011.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2005.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2008.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2004.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2014.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2007.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2010.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2016.json.zip*** Script: https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2017.json.zip In case of failure, the above URLs are not returned by the background script.ResolutionVerify if the "Automatically Update" field of the "sn_vul_nvd_repo" records is false. If it is false, change the value to 'True' for all records, and run the job again. Also, OOB, the VR application is shipped with version 1.0 of the NVD and CWE libraries. Latest version supported by Servicenow is 1.1, which also retrieves CVSS 3.0 scores for the VIs. To retrieve the latest CVSS scores, please change the JSON URL version from 1.0 to 1.1 for all records and run the job again. For example, the url for 1.0 version : https://nvd.nist.gov/feeds/json/cve/1.0/nvdcve-1.0-2017.json.zip the url for 1.1 version would be : https://nvd.nist.gov/feeds/json/cve/1.1/nvdcve-1.1-2019.json.zip