8.7
CVE-2024-8924
- EPSS 0.6%
- Published 29.10.2024 17:15:04
- Last modified 27.11.2024 19:32:01
- Source psirt@servicenow.com
ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
Data provided by the National Vulnerability Database (NVD)
Servicenow ≫ Servicenow Version xanadu Update -
Servicenow ≫ Servicenow Version xanadu Update early_availability
Servicenow ≫ Servicenow Version xanadu Update early_availability_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update -
Servicenow ≫ Servicenow Version vancouver Update early_availability
Servicenow ≫ Servicenow Version vancouver Update early_availability_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update early_availability_hotfix_2
Servicenow ≫ Servicenow Version vancouver Update patch_1
Servicenow ≫ Servicenow Version vancouver Update patch_1_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_10
Servicenow ≫ Servicenow Version vancouver Update patch_10_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_2
Servicenow ≫ Servicenow Version vancouver Update patch_2_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_2_hotfix_1a
Servicenow ≫ Servicenow Version vancouver Update patch_2_hotfix_2
Servicenow ≫ Servicenow Version vancouver Update patch_2_hotfix_3
Servicenow ≫ Servicenow Version vancouver Update patch_2_hotfix1a
Servicenow ≫ Servicenow Version vancouver Update patch_3
Servicenow ≫ Servicenow Version vancouver Update patch_3_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_3_hotfix_2
Servicenow ≫ Servicenow Version vancouver Update patch_3_hotfix_3
Servicenow ≫ Servicenow Version vancouver Update patch_3_hotfix_4
Servicenow ≫ Servicenow Version vancouver Update patch_4
Servicenow ≫ Servicenow Version vancouver Update patch_4_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_4_hotfix_1a
Servicenow ≫ Servicenow Version vancouver Update patch_4_hotfix_1b
Servicenow ≫ Servicenow Version vancouver Update patch_4_hotfix_2b
Servicenow ≫ Servicenow Version vancouver Update patch_5
Servicenow ≫ Servicenow Version vancouver Update patch_5_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_6
Servicenow ≫ Servicenow Version vancouver Update patch_6_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_6_hotfix_2
Servicenow ≫ Servicenow Version vancouver Update patch_7
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotfix_1a
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotfix_2
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotfix_2a
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotfix_2b
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotfix_3a
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotfix_3b
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotfix_4
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotifix_1a
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotifix_1b
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotifix_2a
Servicenow ≫ Servicenow Version vancouver Update patch_7_hotifix_2b
Servicenow ≫ Servicenow Version vancouver Update patch_8
Servicenow ≫ Servicenow Version vancouver Update patch_8_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_8_hotfix_2
Servicenow ≫ Servicenow Version vancouver Update patch_8_hotfix_3
Servicenow ≫ Servicenow Version vancouver Update patch_8_hotfix_4
Servicenow ≫ Servicenow Version vancouver Update patch_8_hotfix_5
Servicenow ≫ Servicenow Version vancouver Update patch_9
Servicenow ≫ Servicenow Version vancouver Update patch_9_hotfix_1
Servicenow ≫ Servicenow Version vancouver Update patch_9_hotfix_2
Servicenow ≫ Servicenow Version vancouver Update patch_9_hotfix_2a
Servicenow ≫ Servicenow Version vancouver Update patch_9_hotfix_2b
Servicenow ≫ Servicenow Version vancouver Update patch_9_hotfix_3a
Servicenow ≫ Servicenow Version washington_dc Update -
Servicenow ≫ Servicenow Version washington_dc Update early_availability
Servicenow ≫ Servicenow Version washington_dc Update early_availability_hotfix_1
Servicenow ≫ Servicenow Version washington_dc Update patch_1
Servicenow ≫ Servicenow Version washington_dc Update patch_1_hotfix_1
Servicenow ≫ Servicenow Version washington_dc Update patch_1_hotfix_2
Servicenow ≫ Servicenow Version washington_dc Update patch_1_hotfix_2a
Servicenow ≫ Servicenow Version washington_dc Update patch_1_hotfix_2b
Servicenow ≫ Servicenow Version washington_dc Update patch_1_hotfix_3b
Servicenow ≫ Servicenow Version washington_dc Update patch_2
Servicenow ≫ Servicenow Version washington_dc Update patch_2_hotfix_1
Servicenow ≫ Servicenow Version washington_dc Update patch_2_hotfix_2
Servicenow ≫ Servicenow Version washington_dc Update patch_3
Servicenow ≫ Servicenow Version washington_dc Update patch_3_hotfix_1
Servicenow ≫ Servicenow Version washington_dc Update patch_3_hotfix_2
Servicenow ≫ Servicenow Version washington_dc Update patch_3_hotfix_3
Servicenow ≫ Servicenow Version washington_dc Update patch_4
Servicenow ≫ Servicenow Version washington_dc Update patch_4_hotfix_1
Servicenow ≫ Servicenow Version washington_dc Update patch_4_hotfix_1a
Servicenow ≫ Servicenow Version washington_dc Update patch_4_hotfix_1b
Servicenow ≫ Servicenow Version washington_dc Update patch_4_hotfix_2
Servicenow ≫ Servicenow Version washington_dc Update patch_4_hotfix_2a
Servicenow ≫ Servicenow Version washington_dc Update patch_5
Servicenow ≫ Servicenow Version washington_dc Update patch_5_hotfix_1
Servicenow ≫ Servicenow Version washington_dc Update patch_5_hotfix_2
Servicenow ≫ Servicenow Version washington_dc Update patch_5_hotfix_3
Servicenow ≫ Servicenow Version washington_dc Update patch_5_hotfix_4
Servicenow ≫ Servicenow Version washington_dc Update patch_5_hotfix_5
Servicenow ≫ Servicenow Version washington_dc Update patch_5_hotfix_6
Servicenow ≫ Servicenow Version washington_dc Update patch_6
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.686 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| psirt@servicenow.com | 8.7 | 0 | 0 | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| psirt@servicenow.com | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.