← Volver a CVEs
CVE-2024-5217
CRITICALCISA KEV9.8
Descripcion
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Detalles CVE
Puntuacion CVSS v3.19.8
SeveridadCRITICAL
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado7/10/2024
Ultima modificacion11/3/2025
Fuentekev
Avistamientos honeypot0
CISA KEV
VendedorServiceNow
ProductoUtah, Vancouver, and Washington DC Now Platform
Nombre vulnerabilidadServiceNow Incomplete List of Disallowed Inputs Vulnerability
Fecha inclusion KEV2024-07-29
Fecha limite remediacion2024-08-19
Uso en ransomwareUnknown
Productos afectados
servicenow:servicenow
Debilidades (CWE)
CWE-184CWE-697
Referencias
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293(psirt@servicenow.com)
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313(psirt@servicenow.com)
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit(psirt@servicenow.com)
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293(af854a3a-2127-422b-91ae-364da2661108)
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313(af854a3a-2127-422b-91ae-364da2661108)
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-5217(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.