CVE-2024-4879

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_10:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_9:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*

History

30 Jul 2024, 15:13

Type Values Removed Values Added
References () https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293 - () https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293 - Permissions Required
References () https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154 - () https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154 - Vendor Advisory
References () https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit - () https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit - Press/Media Coverage
First Time Servicenow
Servicenow servicenow
CPE cpe:2.3:a:servicenow:servicenow:utah:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_9:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_7a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_10:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1a:*:*:*:*:*:*
CWE NVD-CWE-Other

29 Jul 2024, 23:15

Type Values Removed Values Added
References
  • () https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit -

11 Jul 2024, 22:15

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8

11 Jul 2024, 13:05

Type Values Removed Values Added
Summary
  • (es) ServiceNow ha abordado una vulnerabilidad de validación de entrada que se identificó en las versiones de la plataforma Now de Vancouver y Washington DC. Esta vulnerabilidad podría permitir que un usuario no autenticado ejecute código de forma remota dentro del contexto de Now Platform. ServiceNow aplicó una actualización a las instancias alojadas y ServiceNow lanzó la actualización a nuestros socios y clientes autohospedados. A continuación se enumeran los parches y correcciones urgentes que abordan la vulnerabilidad. Si aún no lo ha hecho, le recomendamos aplicar los parches de seguridad relevantes para su instancia lo antes posible.

10 Jul 2024, 18:15

Type Values Removed Values Added
Summary (en) ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington, D.C. Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. (en) ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

10 Jul 2024, 17:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-07-10 17:15

Updated : 2024-07-30 15:13


NVD link : CVE-2024-4879

Mitre link : CVE-2024-4879

CVE.ORG link : CVE-2024-4879


JSON object : View

Products Affected

servicenow

  • servicenow
CWE
NVD-CWE-Other CWE-1287

Improper Validation of Specified Type of Input