CVE-2024-5217 - ServiceNow Utah, Vancouver, and Washington DC Now Platform
AI Vulnerability ContextServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not do...
Overview
A source-backed snapshot of this vulnerability.
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Vulnerability status
How serious this vulnerability is and whether it is known to be exploited.
- CVE ID
- CVE-2024-5217
- Vendor/project
- ServiceNow
- Product
- Utah, Vancouver, and Washington DC Now Platform
- Vulnerability name
- ServiceNow Incomplete List of Disallowed Inputs Vulnerability
- Date added
- 2024-07-29
- Due date
- 2024-08-19
- Known ransomware campaign use
- Unknown
- CVSS v3
- 9.8
- CVSS v4
- 9.2
Exploit context
What the vulnerability is about.
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Source evidence
Original public records and references for this page.
Original source
Original source links
Open the public records and source datasets used for this page.
