← Back to CVEs
CVE-2024-5890
MEDIUM4.3
Description
ServiceNow has addressed an HTML injection vulnerability that was identified in the Now Platform. This vulnerability could potentially enable an unauthenticated user to modify a web page or redirect users to another website. ServiceNow released updates to customers that addressed this vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance(s) as soon as possible.
CVE Details
CVSS v3.1 Score4.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionREQUIRED
Published12/2/2024
Last Modified12/2/2024
Sourcenvd
Honeypot Sightings0
Weaknesses (CWE)
CWE-79
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1710511(psirt@servicenow.com)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.