Unauthenticated Blind SQL Injection in Core Platform
CVE-2024-8924
7.5 HIGH
What is CVE-2024-8924?
A blind SQL injection vulnerability was found in ServiceNow's Now Platform, permitting unauthorized data extraction by unauthenticated users. This exposure may lead to sensitive information being compromised. ServiceNow has promptly addressed this issue and deployed patches across hosted instances. Additionally, updates have been made available to partners and self-hosted customers, reinforcing the importance of maintaining the latest security updates to mitigate potential risks.
Affected Version(s)
Now Platform 0
References
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Credit
T-Mobile