ServiceNow Addresses Input Validation Vulnerability in Now Platform
CVE-2024-5217
Key Information:
- Vendor: ServiceNow
- CVE Published: 10 July 2024
What is CVE-2024-5217?
An input validation vulnerability has been discovered in the ServiceNow Now Platform, affecting the Washington DC and Vancouver releases, as well as earlier versions. This security flaw allows unauthenticated users to execute arbitrary code remotely within the Now Platform environment, posing a significant risk to organizations relying on this platform. ServiceNow has released patches and hotfixes during the June 2024 patching cycle to address this vulnerability. It is imperative for users to apply the appropriate security patches to mitigate the potential risks associated with this vulnerability.
CISA has reported CVE-2024-5217
CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has identified CVE-2024-5217 as being exploited, but it is not known by CISA to be used in ransomware campaigns. This is subject to change at pace.
CISA's recommendation is: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Affected Version(s)
Now Platform 0
News Articles
Critical ServiceNow vulnerabilities being targeted by hackers, cyber agency warns
The Cybersecurity and Infrastructure Security Agency (CISA) said hackers are trying to exploit the bugs, giving federal civilian agencies until August 19 to patch them.
ServiceNow Flaw Let Remote Attackers Execute Arbitrary Code
ServiceNow recently disclosed three critical vulnerabilities (CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178) affecting multiple Now
Patch Now: ServiceNow Critical RCE Bugs Under Active Exploit
One threat actor claims to have already gathered email addresses and associated hashes from more than 110 remote IT management databases.
EPSS Score
94% chance of being exploited in the next 30 days.
Timeline
- 👾 Exploit known to exist
- 🦅 CISA Reported
- 📰 First article discovered by BleepingComputer
- Vulnerability published
- Vulnerability Reserved