CVE-2024-4879 - ServiceNow Utah, Vancouver, and Washington DC Now Platform
AI Vulnerability ContextServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and ho...
Overview
A source-backed snapshot of this vulnerability.
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2024-4879
- Vendor/project
- ServiceNow
- Product
- Utah, Vancouver, and Washington DC Now Platform
- Vulnerability name
- ServiceNow Improper Input Validation Vulnerability
- Date added
- 2024-07-29
- Due date
- 2024-08-19
- Known ransomware campaign use
- Unknown
- CVSS v3
- 9.8
- CVSS v4
- 9.3
Exploit context
What the vulnerability is about.
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
