Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2024-5217
Analyzed
Known KEV
More InfoOfficial Page
Source-psirt@servicenow.com
View Known Exploited Vulnerability (KEV) details
Published At-10 Jul, 2024 | 17:15
Updated At-27 Nov, 2024 | 18:56

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
2024-07-292024-08-19ServiceNow Incomplete List of Disallowed Inputs VulnerabilityApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Metrics
TypeVersionBase scoreBase severityVector
Secondary4.09.2CRITICAL
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Secondary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary3.19.8CRITICAL
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CPE Matches
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:early_availability:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_1:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1a:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1b:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_2:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_10:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_10_hotfix_1:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_10_hotfix_2:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_10a:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_10a_hotfix_1:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_10b:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_2:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_1:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_2:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_3:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_4:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_3:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1b:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_4:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_1:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2a:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2b:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_3:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_3b:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_4:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_4b:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_5:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_5:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_5_hotfix_1:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_6:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_6_hotfix_1:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_6_hotfix_2:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_7:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_7_hotfix_1:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_7_hotfix_2:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_7a:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_7b:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_8:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_8_hotfix_2:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_9:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1a:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>utah
cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1b:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>vancouver
cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>vancouver
cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*
ServiceNow, Inc.
servicenow
>>servicenow>>vancouver
cpe:2.3:a:servicenow:servicenow:vancouver:patch_1_hotfix_1:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-184Secondarypsirt@servicenow.com
CWE-697Primarynvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293psirt@servicenow.com
Permissions Required
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313psirt@servicenow.com
Vendor Advisory
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploitpsirt@servicenow.com
Press/Media Coverage
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293af854a3a-2127-422b-91ae-364da2661108
Permissions Required
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploitaf854a3a-2127-422b-91ae-364da2661108
Press/Media Coverage
Change History
0Changes found
Details not found