10
CVE-2024-8923
- EPSS 0.83%
- Veröffentlicht 29.10.2024 16:15:06
- Zuletzt bearbeitet 27.11.2024 19:31:56
- Quelle psirt@servicenow.com
- CVE-Watchlists
- Unerledigt
LoginServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Servicenow ≫ Servicenow Versionxanadu Updateearly_availability
Servicenow ≫ Servicenow Versionxanadu Updateearly_availability_hotfix_1
Servicenow ≫ Servicenow Versionwashington_dc Update-
Servicenow ≫ Servicenow Versionwashington_dc Updateearly_availability
Servicenow ≫ Servicenow Versionwashington_dc Updateearly_availability_hotfix_1
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_1
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_1_hotfix_1
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_1_hotfix_2
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_1_hotfix_2a
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_1_hotfix_2b
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_1_hotfix_3b
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_2
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_2_hotfix_1
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_2_hotfix_2
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_3
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_3_hotfix_1
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_3_hotfix_2
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_3_hotfix_3
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_4
Servicenow ≫ Servicenow Versionwashington_dc Updatepatch_4_hotfix_1
Servicenow ≫ Servicenow Versionvancouver Update-
Servicenow ≫ Servicenow Versionvancouver Updateearly_availability
Servicenow ≫ Servicenow Versionvancouver Updateearly_availability_hotfix_1
Servicenow ≫ Servicenow Versionvancouver Updateearly_availability_hotfix_2
Servicenow ≫ Servicenow Versionvancouver Updatepatch_1
Servicenow ≫ Servicenow Versionvancouver Updatepatch_1_hotfix_1
Servicenow ≫ Servicenow Versionvancouver Updatepatch_2
Servicenow ≫ Servicenow Versionvancouver Updatepatch_2_hotfix_1
Servicenow ≫ Servicenow Versionvancouver Updatepatch_2_hotfix_1a
Servicenow ≫ Servicenow Versionvancouver Updatepatch_2_hotfix_2
Servicenow ≫ Servicenow Versionvancouver Updatepatch_2_hotfix_3
Servicenow ≫ Servicenow Versionvancouver Updatepatch_2_hotfix1a
Servicenow ≫ Servicenow Versionvancouver Updatepatch_3
Servicenow ≫ Servicenow Versionvancouver Updatepatch_3_hotfix_1
Servicenow ≫ Servicenow Versionvancouver Updatepatch_3_hotfix_2
Servicenow ≫ Servicenow Versionvancouver Updatepatch_3_hotfix_3
Servicenow ≫ Servicenow Versionvancouver Updatepatch_3_hotfix_4
Servicenow ≫ Servicenow Versionvancouver Updatepatch_4
Servicenow ≫ Servicenow Versionvancouver Updatepatch_4_hotfix_1
Servicenow ≫ Servicenow Versionvancouver Updatepatch_4_hotfix_1a
Servicenow ≫ Servicenow Versionvancouver Updatepatch_4_hotfix_1b
Servicenow ≫ Servicenow Versionvancouver Updatepatch_4_hotfix_2b
Servicenow ≫ Servicenow Versionvancouver Updatepatch_5
Servicenow ≫ Servicenow Versionvancouver Updatepatch_5_hotfix_1
Servicenow ≫ Servicenow Versionvancouver Updatepatch_6
Servicenow ≫ Servicenow Versionvancouver Updatepatch_6_hotfix_1
Servicenow ≫ Servicenow Versionvancouver Updatepatch_6_hotfix_2
Servicenow ≫ Servicenow Versionvancouver Updatepatch_7
Servicenow ≫ Servicenow Versionvancouver Updatepatch_7_hotfix_1
Servicenow ≫ Servicenow Versionvancouver Updatepatch_7_hotfix_1a
Servicenow ≫ Servicenow Versionvancouver Updatepatch_7_hotfix_2
Servicenow ≫ Servicenow Versionvancouver Updatepatch_7_hotfix_2a
Servicenow ≫ Servicenow Versionvancouver Updatepatch_7_hotfix_2b
Servicenow ≫ Servicenow Versionvancouver Updatepatch_7_hotfix_3a
Servicenow ≫ Servicenow Versionvancouver Updatepatch_7_hotfix_3b
Servicenow ≫ Servicenow Versionvancouver Updatepatch_7_hotfix_4
Servicenow ≫ Servicenow Versionvancouver Updatepatch_7_hotifix_1a
Servicenow ≫ Servicenow Versionvancouver Updatepatch_7_hotifix_1b
Servicenow ≫ Servicenow Versionvancouver Updatepatch_7_hotifix_2a
Servicenow ≫ Servicenow Versionvancouver Updatepatch_7_hotifix_2b
Servicenow ≫ Servicenow Versionvancouver Updatepatch_8
Servicenow ≫ Servicenow Versionvancouver Updatepatch_8_hotfix_1
Servicenow ≫ Servicenow Versionvancouver Updatepatch_8_hotfix_2
Servicenow ≫ Servicenow Versionvancouver Updatepatch_8_hotfix_3
Servicenow ≫ Servicenow Versionvancouver Updatepatch_8_hotfix_4
Servicenow ≫ Servicenow Versionvancouver Updatepatch_8_hotfix_5
Servicenow ≫ Servicenow Versionvancouver Updatepatch_9
Servicenow ≫ Servicenow Versionvancouver Updatepatch_9_hotfix_1
Servicenow ≫ Servicenow Versionvancouver Updatepatch_9_hotfix_2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.83% | 0.739 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 10 | 3.9 | 6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
|
| psirt@servicenow.com | 9.3 | 0 | 0 |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
|
| psirt@servicenow.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-94 Improper Control of Generation of Code ('Code Injection')
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.