← Volver a CVEs
CVE-2024-4879
CRITICALCISA KEV9.8
Descripcion
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado7/10/2024
Ultima modificacion11/3/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorServiceNow
ProductoUtah, Vancouver, and Washington DC Now Platform
Nombre vulnerabilidadServiceNow Improper Input Validation Vulnerability
Fecha inclusion KEV2024-07-29
Fecha limite remediacion2024-08-19
Uso en ransomwareUnknown
Productos afectados
servicenow:servicenow
Debilidades (CWE)
CWE-1287
Referencias
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293(psirt@servicenow.com)
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154(psirt@servicenow.com)
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit(psirt@servicenow.com)
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293(af854a3a-2127-422b-91ae-364da2661108)
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154(af854a3a-2127-422b-91ae-364da2661108)
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4879(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.