9.8
CVE-2024-4879
- EPSS 94.35%
- Published 10.07.2024 17:15:12
- Last modified 03.11.2025 18:58:11
- Source psirt@servicenow.com
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Data provided by the National Vulnerability Database (NVD)
Servicenow ≫ Servicenow Version utah Update -
Servicenow ≫ Servicenow Version utah Update early_availability
Servicenow ≫ Servicenow Version utah Update patch_1
Servicenow ≫ Servicenow Version utah Update patch_1_hotfix_1
Servicenow ≫ Servicenow Version utah Update patch_1_hotfix_1a
Servicenow ≫ Servicenow Version utah Update patch_1_hotfix_1b
Servicenow ≫ Servicenow Version utah Update patch_1_hotfix_2
Servicenow ≫ Servicenow Version utah Update patch_10
Servicenow ≫ Servicenow Version utah Update patch_10_hotfix_1
Servicenow ≫ Servicenow Version utah Update patch_10_hotfix_2
Servicenow ≫ Servicenow Version utah Update patch_10a
Servicenow ≫ Servicenow Version utah Update patch_10a_hotfix_1
Servicenow ≫ Servicenow Version utah Update patch_2
Servicenow ≫ Servicenow Version utah Update patch_2_hotfix_1
Servicenow ≫ Servicenow Version utah Update patch_2_hotfix_2
Servicenow ≫ Servicenow Version utah Update patch_2_hotfix_3
Servicenow ≫ Servicenow Version utah Update patch_2_hotfix_4
Servicenow ≫ Servicenow Version utah Update patch_3
Servicenow ≫ Servicenow Version utah Update patch_3_hotfix_1
Servicenow ≫ Servicenow Version utah Update patch_3_hotfix_1b
Servicenow ≫ Servicenow Version utah Update patch_4
Servicenow ≫ Servicenow Version utah Update patch_4_hotfix_1
Servicenow ≫ Servicenow Version utah Update patch_4_hotfix_2
Servicenow ≫ Servicenow Version utah Update patch_4_hotfix_2a
Servicenow ≫ Servicenow Version utah Update patch_4_hotfix_2b
Servicenow ≫ Servicenow Version utah Update patch_4_hotfix_3
Servicenow ≫ Servicenow Version utah Update patch_4_hotfix_3b
Servicenow ≫ Servicenow Version utah Update patch_4_hotfix_4
Servicenow ≫ Servicenow Version utah Update patch_4_hotfix_4b
Servicenow ≫ Servicenow Version utah Update patch_4_hotfix_5
Servicenow ≫ Servicenow Version utah Update patch_5
Servicenow ≫ Servicenow Version utah Update patch_5_hotfix_1
Servicenow ≫ Servicenow Version utah Update patch_6
Servicenow ≫ Servicenow Version utah Update patch_6_hotfix_1
Servicenow ≫ Servicenow Version utah Update patch_6_hotfix_2
Servicenow ≫ Servicenow Version utah Update patch_7
Servicenow ≫ Servicenow Version utah Update patch_7_hotfix_1
Servicenow ≫ Servicenow Version utah Update patch_7_hotfix_2
Servicenow ≫ Servicenow Version utah Update patch_7a
Servicenow ≫ Servicenow Version utah Update patch_7b
Servicenow ≫ Servicenow Version utah Update patch_8
Servicenow ≫ Servicenow Version utah Update patch_8_hotfix_2
Servicenow ≫ Servicenow Version utah Update patch_9
Servicenow ≫ Servicenow Version utah Update patch_9_hotfix_1
Servicenow ≫ Servicenow Version utah Update patch_9_hotfix_1a
Servicenow ≫ Servicenow Version utah Update patch_9_hotfix_1b
Servicenow ≫ Servicenow Version vancouver Update -
Servicenow ≫ Servicenow Version vancouver Update patch_1
Servicenow ≫ Servicenow Version vancouver Update patch_1_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_10
Servicenow ≫ Servicenow Version vancouver Update patch_2
Servicenow ≫ Servicenow Version vancouver Update patch_2_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_2_hotfix_1a
Servicenow ≫ Servicenow Version vancouver Update patch_2_hotfix_2
Servicenow ≫ Servicenow Version vancouver Update patch_2_hotfix_3
Servicenow ≫ Servicenow Version vancouver Update patch_2_hotfix1a
Servicenow ≫ Servicenow Version vancouver Update patch_3
Servicenow ≫ Servicenow Version vancouver Update patch_3_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_3_hotfix_2
Servicenow ≫ Servicenow Version vancouver Update patch_3_hotfix_3
Servicenow ≫ Servicenow Version vancouver Update patch_3_hotfix_4
Servicenow ≫ Servicenow Version vancouver Update patch_4
Servicenow ≫ Servicenow Version vancouver Update patch_4_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_4_hotfix_1a
Servicenow ≫ Servicenow Version vancouver Update patch_4_hotfix_1b
Servicenow ≫ Servicenow Version vancouver Update patch_4_hotfix_2b
Servicenow ≫ Servicenow Version vancouver Update patch_5
Servicenow ≫ Servicenow Version vancouver Update patch_5_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_6
Servicenow ≫ Servicenow Version vancouver Update patch_6_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_7
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotfix_1a
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotfix_2
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotfix_2a
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotfix_2b
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotfix_3a
Servicenow ≫ Servicenow Version vancouver Update patch_8
Servicenow ≫ Servicenow Version vancouver Update patch_8_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_8_hotfix_2
Servicenow ≫ Servicenow Version vancouver Update patch_8_hotfix_3
Servicenow ≫ Servicenow Version vancouver Update patch_9
Servicenow ≫ Servicenow Version washington_dc Update -
Servicenow ≫ Servicenow Version washington_dc Update patch_1
Servicenow ≫ Servicenow Version washington_dc Update patch_1_hotfix_1
Servicenow ≫ Servicenow Version washington_dc Update patch_1_hotfix_2
Servicenow ≫ Servicenow Version washington_dc Update patch_1_hotfix_2a
Servicenow ≫ Servicenow Version washington_dc Update patch_2
Servicenow ≫ Servicenow Version washington_dc Update patch_2_hotfix_1
Servicenow ≫ Servicenow Version washington_dc Update patch_3
29.07.2024: CISA Known Exploited Vulnerabilities (KEV) Catalog
Vulnerability: ServiceNow Improper Input Validation Vulnerability
Description: ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.
Required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 94.35% | 1 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| psirt@servicenow.com | 9.3 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| psirt@servicenow.com | 9.8 | 3.9 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
CWE-1287 Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.