ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
References
Link | Resource |
---|---|
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
07 Nov 2024, 17:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070 - Vendor Advisory | |
CPE | cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix1a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:xanadu:-:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:ptach_7:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1b:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:* cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:* |
|
First Time |
Servicenow
Servicenow servicenow |
01 Nov 2024, 12:57
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
29 Oct 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-94 |
29 Oct 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-29 16:15
Updated : 2024-11-07 17:18
NVD link : CVE-2024-8923
Mitre link : CVE-2024-8923
CVE.ORG link : CVE-2024-8923
JSON object : View
Products Affected
servicenow
- servicenow
CWE
CWE-94
Improper Control of Generation of Code ('Code Injection')