CVE-2024-4879

July 10, 2024, 6:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

ServiceNow Now Platform

  • Vancouver
  • Washington, D.C.

Source

psirt@servicenow.com

Tags

CVE-2024-4879 details

Published : July 10, 2024, 5:15 p.m.
Last Modified : July 10, 2024, 6:15 p.m.

Description

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-1287 Improper Validation of Specified Type of Input The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
This website uses the NVD API, but is not approved or certified by it.