Search criteria
30 vulnerabilities found for ServiceNow by ServiceNow
CVE-2024-8924 (GCVE-0-2024-8924)
Vulnerability from nvd – Published: 2024-10-29 16:14 – Updated: 2024-10-31 03:55
VLAI?
Title
Unauthenticated Blind SQL Injection in Core Platform
Summary
ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | Now Platform |
Affected:
0 , < Utah Patch 10b Hot Fix 3
(custom)
Affected: 0 , < Vancouver Patch 8 Hot Fix 5 (custom) Affected: 0 , < Vancouver Patch 9 Hot Fix 3b (custom) Affected: 0 , < Vancouver Patch 10 Hot Fix 2 (custom) Affected: 0 , < Washington DC Patch 4 Hot Fix 2b (custom) Affected: 0 , < Washington DC Patch 5 Hot Fix 6 (custom) Affected: 0 , < Washington DC Patch 6 Hot Fix 1 (custom) Affected: 0 , < Washington DC Patch 7 (custom) Affected: 0 , < Xanadu Patch 1 (custom) |
Credits
T-Mobile
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:utah:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "Utah Patch 10b Hot Fix 3",
"status": "affected",
"version": "Utah",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:vancouver:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "Vancouver Patch 8 Hot Fix 5",
"status": "affected",
"version": "Vancouver",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 9 Hot Fix 3b",
"status": "affected",
"version": "Vancouver",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10 Hot Fix 2",
"status": "affected",
"version": "Vancouver",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:washington_dc:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "Washington DC Patch 4 Hot Fix 2b",
"status": "affected",
"version": "Washington_DC",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 5 Hot Fix 6",
"status": "affected",
"version": "Washington_DC",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 6 Hot Fix 1",
"status": "affected",
"version": "Washington_DC",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 7",
"status": "affected",
"version": "Washington_DC",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:xanadu:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "Xanadu Patch 1",
"status": "affected",
"version": "Xanadu",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T03:55:17.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Utah Patch 10b Hot Fix 3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 8 Hot Fix 5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 9 Hot Fix 3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 4 Hot Fix 2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 5 Hot Fix 6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 6 Hot Fix 1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Xanadu Patch 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "T-Mobile"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eFurther, the vulnerability is addressed in the listed patches and hot fixes.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information.\u00a0ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers.\u00a0Further, the vulnerability is addressed in the listed patches and hot fixes."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T16:14:38.836Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1706072"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Blind SQL Injection in Core Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2024-8924",
"datePublished": "2024-10-29T16:14:38.836Z",
"dateReserved": "2024-09-16T23:37:01.512Z",
"dateUpdated": "2024-10-31T03:55:17.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8923 (GCVE-0-2024-8923)
Vulnerability from nvd – Published: 2024-10-29 16:07 – Updated: 2024-10-31 03:55
VLAI?
Title
Sandbox Escape in Now Platform
Summary
ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
Severity ?
9.8 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | Now Platform |
Affected:
0 , < Vancouver Patch 9 Hot Fix 2a
(custom)
Affected: 0 , < Vancouver Patch 10 (custom) Affected: 0 , < Washington DC Patch 4 Hot Fix 1a (custom) Affected: 0 , < Washington DC Patch 5 (custom) Affected: 0 , < Xanadu GA Release (custom) |
Credits
T-Mobile
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:vancouver:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "Vancouver Patch 9 Hot Fix 2a",
"status": "affected",
"version": "Vancouver",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10",
"status": "affected",
"version": "Vancouver",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:washington_dc:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "Washington DC Patch 4 Hot Fix 1a",
"status": "affected",
"version": "Washington_DC",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 5",
"status": "affected",
"version": "Washington_DC",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:xanadu:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "Xanadu GA Release",
"status": "affected",
"version": "Xanadu",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T03:55:16.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Vancouver Patch 9 Hot Fix 2a",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 4 Hot Fix 1a",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Xanadu GA Release",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "T-Mobile"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eFurther, the vulnerability is addressed in the listed patches and hot fixes.\u003c/span\u003e"
}
],
"value": "ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u00a0ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers.\u00a0Further, the vulnerability is addressed in the listed patches and hot fixes."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T16:23:19.336Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1706070"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sandbox Escape in Now Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2024-8923",
"datePublished": "2024-10-29T16:07:07.310Z",
"dateReserved": "2024-09-16T23:33:41.375Z",
"dateUpdated": "2024-10-31T03:55:16.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5217 (GCVE-0-2024-5217)
Vulnerability from nvd – Published: 2024-07-10 16:28 – Updated: 2025-10-21 22:55
VLAI?
Title
Incomplete Input Validation in GlideExpression Script
Summary
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Severity ?
9.8 (Critical)
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | Now Platform |
Affected:
0 , < Utah Patch 10 Hot Fix 3
(custom)
Affected: 0 , < Utah Patch 10a Hot Fix 2 (custom) Affected: 0 , < Utah Patch 10b Hot Fix 1 (custom) Affected: 0 , < Vancouver Patch 6 Hot Fix 2 (custom) Affected: 0 , < Vancouver Patch 7 Hot Fix 3b (custom) Affected: 0 , < Vancouver Patch 8 Hot Fix 4 (custom) Affected: 0 , < Vancouver Patch 9 Hot Fix 1 (custom) Affected: 0 , < Vancouver Patch 10 (custom) Affected: 0 , < Washington DC Patch 1 Hot Fix 3b (custom) Affected: 0 , < Washington DC Patch 2 Hot Fix 2 (custom) Affected: 0 , < Washington DC Patch 3 Hot Fix 2 (custom) Affected: 0 , < Washington DC Patch 4 (custom) Affected: 0 , < Washington DC Patch 5 (custom) |
Credits
Adam Kues
Assetnote Attack Surface Management
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5217",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T19:00:26.864987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-07-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-5217"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:49.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-5217"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-29T00:00:00+00:00",
"value": "CVE-2024-5217 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1648313"
},
{
"tags": [
"x_login-required",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Utah Patch 10 Hot Fix 3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 10a Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 10b Hot Fix 1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 6 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 7 Hot Fix 3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 8 Hot Fix 4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 9 Hot Fix 1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 1 Hot Fix 3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 2 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 3 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Kues"
},
{
"lang": "en",
"type": "finder",
"value": "Assetnote Attack Surface Management"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u00a0The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184 Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T22:29:22.478Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1648313"
},
{
"tags": [
"x_login-required"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
},
{
"url": "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incomplete Input Validation in GlideExpression Script",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2024-5217",
"datePublished": "2024-07-10T16:28:32.649Z",
"dateReserved": "2024-05-22T18:36:08.570Z",
"dateUpdated": "2025-10-21T22:55:49.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4879 (GCVE-0-2024-4879)
Vulnerability from nvd – Published: 2024-07-10 16:16 – Updated: 2025-10-21 22:55
VLAI?
Title
Jelly Template Injection Vulnerability in ServiceNow UI Macros
Summary
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Severity ?
9.8 (Critical)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | Now Platform |
Affected:
0 , < Utah Patch 10 Hot Fix 3
(custom)
Affected: 0 , < Utah Patch 10a Hot Fix 2 (custom) Affected: 0 , < Vancouver Patch 6 Hot Fix 2 (custom) Affected: 0 , < Vancouver Patch 7 Hot Fix 3b (custom) Affected: 0 , < Vancouver Patch 8 Hot Fix 4 (custom) Affected: 0 , < Vancouver Patch 9 (custom) Affected: 0 , < Vancouver Patch 10 (custom) Affected: 0 , < Washington DC Patch 1 Hot Fix 2b (custom) Affected: 0 , < Washington DC Patch 2 Hot Fix 2 (custom) Affected: 0 , < Washington DC Patch 3 Hot Fix 1 (custom) Affected: 0 , < Washington DC Patch 4 (custom) |
Credits
Adam Kues
Assetnote Attack Surface Management
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4879",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T18:58:02.257329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-07-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4879"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:49.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4879"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-29T00:00:00+00:00",
"value": "CVE-2024-4879 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1645154"
},
{
"tags": [
"x_login-required",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Utah Patch 10 Hot Fix 3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 10a Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 6 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 7 Hot Fix 3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 8 Hot Fix 4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 1 Hot Fix 2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 2 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 3 Hot Fix 1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Kues"
},
{
"lang": "en",
"type": "finder",
"value": "Assetnote Attack Surface Management"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u003c/span\u003e\u0026nbsp;\u003c/span\u003eServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\u003cdiv\u003e\u003c/div\u003e"
}
],
"value": "ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u00a0ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T22:28:49.374Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1645154"
},
{
"tags": [
"x_login-required"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
},
{
"url": "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Jelly Template Injection Vulnerability in ServiceNow UI Macros",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2024-4879",
"datePublished": "2024-07-10T16:16:39.926Z",
"dateReserved": "2024-05-14T17:39:41.655Z",
"dateUpdated": "2025-10-21T22:55:49.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1298 (GCVE-0-2023-1298)
Vulnerability from nvd – Published: 2023-07-06 17:13 – Updated: 2024-10-21 21:11
VLAI?
Summary
ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | Now User Experience |
Affected:
0 , < San Diego Patch 10
(custom)
Affected: 0 , < Tokyo Patch 4b (custom) Affected: 0 , < Tokyo Patch 6 (custom) Affected: 0 , < Utah Patch 1 (custom) |
Credits
Osama Yousef
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1310230"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.linkedin.com/in/osamay/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T21:06:59.183731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T21:11:09.595Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now User Experience",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "San Diego Patch 10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Tokyo Patch 4b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Tokyo Patch 6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Osama Yousef"
}
],
"datePublic": "2023-07-06T17:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T17:13:15.119Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1310230"
},
{
"url": "https://www.linkedin.com/in/osamay/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2023-1298",
"datePublished": "2023-07-06T17:13:27.552Z",
"dateReserved": "2023-03-09T19:33:01.065Z",
"dateUpdated": "2024-10-21T21:11:09.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43684 (GCVE-0-2022-43684)
Vulnerability from nvd – Published: 2023-06-13 18:51 – Updated: 2025-02-13 16:33
VLAI?
Title
ACL bypass in Reporting functionality
Summary
ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.
Additional Details
This issue is present in the following supported ServiceNow releases:
* Quebec prior to Patch 10 Hot Fix 8b
* Rome prior to Patch 10 Hot Fix 1
* San Diego prior to Patch 7
* Tokyo prior to Tokyo Patch 1; and
* Utah prior to Utah General Availability
If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.
Severity ?
9.9 (Critical)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | Now Platform |
Affected:
Quebec , < Patch 10 Hot Fix 8b
(custom)
Affected: Rome , < Patch 10 Hot Fix 1 (custom) Affected: San Diego , < Patch 7 (custom) Affected: Tokyo , < Tokyo Patch 1 (custom) Affected: Utah , < Utah General Availability (GA) (custom) |
Credits
Luke Symons
Tony Wu
Eldar Marcussen
Gareth Phillips
Jeff Thomas
Nadeem Salim
Stephen Bradshaw
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:06.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1303489"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jul/11"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=36638530"
},
{
"tags": [
"x_transferred"
],
"url": "https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-02T20:40:28.652664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T20:40:46.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Patch 10 Hot Fix 8b",
"status": "affected",
"version": "Quebec",
"versionType": "custom"
},
{
"lessThan": "Patch 10 Hot Fix 1",
"status": "affected",
"version": "Rome",
"versionType": "custom"
},
{
"lessThan": "Patch 7",
"status": "affected",
"version": "San Diego",
"versionType": "custom"
},
{
"lessThan": "Tokyo Patch 1",
"status": "affected",
"version": "Tokyo",
"versionType": "custom"
},
{
"lessThan": "Utah General Availability (GA)",
"status": "affected",
"version": "Utah",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Luke Symons"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tony Wu"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Eldar Marcussen"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gareth Phillips"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jeff Thomas"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nadeem Salim"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Stephen Bradshaw"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.\u003c/p\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eAdditional Details\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eThis issue is present in the following supported ServiceNow releases: \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003eQuebec prior to Patch 10 Hot Fix 8b\u003c/li\u003e\u003cli\u003eRome prior to Patch 10 Hot Fix 1\u003c/li\u003e\u003cli\u003eSan Diego prior to Patch 7\u003c/li\u003e\u003cli\u003eTokyo prior to Tokyo Patch 1; and \u003c/li\u003e\u003cli\u003eUtah prior to Utah General Availability \u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eIf this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.\n\n\n\nAdditional Details\n\nThis issue is present in the following supported ServiceNow releases: \n\n\n\n * Quebec prior to Patch 10 Hot Fix 8b\n * Rome prior to Patch 10 Hot Fix 1\n * San Diego prior to Patch 7\n * Tokyo prior to Tokyo Patch 1; and \n * Utah prior to Utah General Availability \n\n\n\n\nIf this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T17:06:41.003Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1303489"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/11"
},
{
"url": "https://news.ycombinator.com/item?id=36638530"
},
{
"url": "https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/"
},
{
"url": "http://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ACL bypass in Reporting functionality",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2022-43684",
"datePublished": "2023-06-13T18:51:39.984Z",
"dateReserved": "2022-10-24T04:08:01.240Z",
"dateUpdated": "2025-02-13T16:33:36.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1209 (GCVE-0-2023-1209)
Vulnerability from nvd – Published: 2023-05-23 16:41 – Updated: 2025-01-17 17:45
VLAI?
Summary
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | ServiceNow Records |
Affected:
0 , < Tokyo Patch 5
(custom)
Affected: 0 , < Tokyo Patch 4a (custom) Affected: 0 , < San Diego Patch 10 (custom) Affected: 0 , < San Diego Patch 9a (custom) Affected: 0 , < Rome Patch 10 Hot Fix 4b (custom) Affected: 0 , < Utah Patch 1 (custom) |
Credits
Osama Yousef
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1262967"
},
{
"tags": [
"x_reporter",
"x_transferred"
],
"url": "https://www.linkedin.com/in/osamay/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T17:45:41.144892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T17:45:49.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ServiceNow Records",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Tokyo Patch 5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Tokyo Patch 4a",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "San Diego Patch 10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "San Diego Patch 9a",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Rome Patch 10 Hot Fix 4b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Osama Yousef"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts."
}
],
"value": "Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-23T16:41:39.227Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1262967"
},
{
"tags": [
"x_reporter"
],
"url": "https://www.linkedin.com/in/osamay/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2023-1209",
"datePublished": "2023-05-23T16:41:28.194Z",
"dateReserved": "2023-03-06T19:57:41.453Z",
"dateUpdated": "2025-01-17T17:45:49.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46389 (GCVE-0-2022-46389)
Vulnerability from nvd – Published: 2023-04-17 00:00 – Updated: 2025-02-06 16:01
VLAI?
Title
Cross-Site Scripting (XSS) vulnerability found on logout functionality
Summary
There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | Now Platform |
Affected:
Quebec , < Patch 10 Hotfix 11b
(custom)
Affected: Rome , < Patch 10 Hotfix 3b (custom) Affected: San Diego , < Patch 9 (custom) Affected: Tokyo , < Patch 4 (custom) Affected: Utah , < GA (custom) |
Credits
Bao Bui a.k.a 0xd0ff9 from VNG Security Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1272156"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T16:01:34.843493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T16:01:59.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Patch 10 Hotfix 11b",
"status": "affected",
"version": "Quebec",
"versionType": "custom"
},
{
"lessThan": "Patch 10 Hotfix 3b",
"status": "affected",
"version": "Rome",
"versionType": "custom"
},
{
"lessThan": "Patch 9",
"status": "affected",
"version": "San Diego",
"versionType": "custom"
},
{
"lessThan": "Patch 4",
"status": "affected",
"version": "Tokyo",
"versionType": "custom"
},
{
"lessThan": "GA",
"status": "affected",
"version": "Utah",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bao Bui a.k.a 0xd0ff9 from VNG Security Team"
}
],
"datePublic": "2023-04-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1272156"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cross-Site Scripting (XSS) vulnerability found on logout functionality",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2022-46389",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2022-12-04T00:00:00.000Z",
"dateUpdated": "2025-02-06T16:01:59.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46886 (GCVE-0-2022-46886)
Vulnerability from nvd – Published: 2023-04-14 00:00 – Updated: 2025-02-06 21:46
VLAI?
Summary
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.
Severity ?
5.5 (Medium)
CWE
- open redirect
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | ServiceNow |
Affected:
Tokyo , < Tokyo Patch 1b
(custom)
Affected: San Diego , < San Diego Patch 7b (custom) Affected: Rome , < Rome Patch 10 Hotfix 2b (custom) Affected: Quebec , < Quebec Patch 10 Hotfix 10b (custom) |
Credits
theamanrawat
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1219857"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T21:46:23.163978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T21:46:36.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ServiceNow",
"vendor": "ServiceNow",
"versions": [
{
"changes": [
{
"at": "Tokyo Patch 3",
"status": "unaffected"
}
],
"lessThan": "Tokyo Patch 1b",
"status": "affected",
"version": "Tokyo",
"versionType": "custom"
},
{
"changes": [
{
"at": "San Diego Patch 9",
"status": "unaffected"
}
],
"lessThan": "San Diego Patch 7b",
"status": "affected",
"version": "San Diego",
"versionType": "custom"
},
{
"changes": [
{
"at": "Rome Patch 10 Hotfix 3b",
"status": "unaffected"
}
],
"lessThan": "Rome Patch 10 Hotfix 2b",
"status": "affected",
"version": "Rome",
"versionType": "custom"
},
{
"lessThan": "Quebec Patch 10 Hotfix 10b",
"status": "affected",
"version": "Quebec",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "theamanrawat"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.\u003c/p\u003e"
}
],
"value": "There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSuccessful exploitation of this vulnerability potentially could be used to facilitate targeted attacks such as phishing. This may enable attackers to redirect authenticated users to domains the attackers control and cause the disclosure of sensitive information, like login credentials.\u003c/p\u003e"
}
],
"value": "Successful exploitation of this vulnerability potentially could be used to facilitate targeted attacks such as phishing. This may enable attackers to redirect authenticated users to domains the attackers control and cause the disclosure of sensitive information, like login credentials.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "open redirect",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T21:53:31.401Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1219857"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2022-46886",
"datePublished": "2023-04-14T00:00:00.000Z",
"dateReserved": "2022-12-09T00:00:00.000Z",
"dateUpdated": "2025-02-06T21:46:36.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39048 (GCVE-0-2022-39048)
Vulnerability from nvd – Published: 2023-04-10 00:00 – Updated: 2025-02-07 20:14
VLAI?
Title
Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect
Summary
A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.
Severity ?
6.1 (Medium)
CWE
- Cross Site Scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Servicenow | Now Platform |
Affected:
Tokyo , < Patch 1a
(custom)
Affected: San Diego , < Patch 7b (custom) Affected: Rome , < Patch 10 Hotfix 2b (custom) Affected: Quebec , < Patch 10 Hotfix 10b (custom) |
Credits
theamanrawat
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:32.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1221892"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T20:13:45.492244Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T20:14:00.361Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "Servicenow",
"versions": [
{
"changes": [
{
"at": "Patch 2",
"status": "unaffected"
}
],
"lessThan": "Patch 1a",
"status": "affected",
"version": "Tokyo",
"versionType": "custom"
},
{
"changes": [
{
"at": "Patch 9",
"status": "unaffected"
}
],
"lessThan": "Patch 7b",
"status": "affected",
"version": "San Diego",
"versionType": "custom"
},
{
"lessThan": "Patch 10 Hotfix 2b",
"status": "affected",
"version": "Rome",
"versionType": "custom"
},
{
"lessThan": "Patch 10 Hotfix 10b",
"status": "affected",
"version": "Quebec",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "theamanrawat"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user\u0027s browser or session to attack other systems.\u003c/p\u003e"
}
],
"value": "A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user\u0027s browser or session to attack other systems.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T15:27:13.546Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/"
},
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1221892"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2022-39048",
"datePublished": "2023-04-10T00:00:00.000Z",
"dateReserved": "2022-08-31T00:00:00.000Z",
"dateUpdated": "2025-02-07T20:14:00.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42704 (GCVE-0-2022-42704)
Vulnerability from nvd – Published: 2023-01-12 00:00 – Updated: 2025-04-09 13:13
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:10:41.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1216141"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T13:13:34.638992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T13:13:40.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1216141"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42704",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-10-10T00:00:00.000Z",
"dateUpdated": "2025-04-09T13:13:40.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38463 (GCVE-0-2022-38463)
Vulnerability from nvd – Published: 2022-08-23 18:07 – Updated: 2024-08-03 10:54
VLAI?
Summary
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1156793"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T18:07:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1156793"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-38463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1156793",
"refsource": "CONFIRM",
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1156793"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38463",
"datePublished": "2022-08-23T18:07:57",
"dateReserved": "2022-08-19T00:00:00",
"dateUpdated": "2024-08-03T10:54:03.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38172 (GCVE-0-2022-38172)
Vulnerability from nvd – Published: 2022-08-23 18:02 – Updated: 2024-08-03 10:45
VLAI?
Summary
ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1122640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T18:02:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1122640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-38172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1122640",
"refsource": "CONFIRM",
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1122640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38172",
"datePublished": "2022-08-23T18:02:07",
"dateReserved": "2022-08-12T00:00:00",
"dateUpdated": "2024-08-03T10:45:52.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45901 (GCVE-0-2021-45901)
Vulnerability from nvd – Published: 2022-02-10 13:59 – Updated: 2024-08-04 04:54
VLAI?
Summary
The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:31.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-16T18:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/",
"refsource": "MISC",
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/"
},
{
"name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/",
"refsource": "MISC",
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/"
},
{
"name": "http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45901",
"datePublished": "2022-02-10T13:59:20",
"dateReserved": "2021-12-27T00:00:00",
"dateUpdated": "2024-08-04T04:54:31.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7748 (GCVE-0-2018-7748)
Vulnerability from nvd – Published: 2018-08-03 18:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via \u0027${xyz}\u0027 Glide Scripting Injection in the sysparm_media parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-03T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via \u0027${xyz}\u0027 Glide Scripting Injection in the sysparm_media parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html",
"refsource": "MISC",
"url": "https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html"
},
{
"name": "https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt",
"refsource": "MISC",
"url": "https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7748",
"datePublished": "2018-08-03T18:00:00",
"dateReserved": "2018-03-07T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8924 (GCVE-0-2024-8924)
Vulnerability from cvelistv5 – Published: 2024-10-29 16:14 – Updated: 2024-10-31 03:55
VLAI?
Title
Unauthenticated Blind SQL Injection in Core Platform
Summary
ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
Severity ?
CWE
- CWE-89 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | Now Platform |
Affected:
0 , < Utah Patch 10b Hot Fix 3
(custom)
Affected: 0 , < Vancouver Patch 8 Hot Fix 5 (custom) Affected: 0 , < Vancouver Patch 9 Hot Fix 3b (custom) Affected: 0 , < Vancouver Patch 10 Hot Fix 2 (custom) Affected: 0 , < Washington DC Patch 4 Hot Fix 2b (custom) Affected: 0 , < Washington DC Patch 5 Hot Fix 6 (custom) Affected: 0 , < Washington DC Patch 6 Hot Fix 1 (custom) Affected: 0 , < Washington DC Patch 7 (custom) Affected: 0 , < Xanadu Patch 1 (custom) |
Credits
T-Mobile
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:utah:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "Utah Patch 10b Hot Fix 3",
"status": "affected",
"version": "Utah",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:vancouver:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "Vancouver Patch 8 Hot Fix 5",
"status": "affected",
"version": "Vancouver",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 9 Hot Fix 3b",
"status": "affected",
"version": "Vancouver",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10 Hot Fix 2",
"status": "affected",
"version": "Vancouver",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:washington_dc:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "Washington DC Patch 4 Hot Fix 2b",
"status": "affected",
"version": "Washington_DC",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 5 Hot Fix 6",
"status": "affected",
"version": "Washington_DC",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 6 Hot Fix 1",
"status": "affected",
"version": "Washington_DC",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 7",
"status": "affected",
"version": "Washington_DC",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:xanadu:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "Xanadu Patch 1",
"status": "affected",
"version": "Xanadu",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8924",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T03:55:17.683Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Utah Patch 10b Hot Fix 3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 8 Hot Fix 5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 9 Hot Fix 3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 4 Hot Fix 2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 5 Hot Fix 6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 6 Hot Fix 1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 7",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Xanadu Patch 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "T-Mobile"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eFurther, the vulnerability is addressed in the listed patches and hot fixes.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information.\u00a0ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers.\u00a0Further, the vulnerability is addressed in the listed patches and hot fixes."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89 Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T16:14:38.836Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1706072"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Unauthenticated Blind SQL Injection in Core Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2024-8924",
"datePublished": "2024-10-29T16:14:38.836Z",
"dateReserved": "2024-09-16T23:37:01.512Z",
"dateUpdated": "2024-10-31T03:55:17.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8923 (GCVE-0-2024-8923)
Vulnerability from cvelistv5 – Published: 2024-10-29 16:07 – Updated: 2024-10-31 03:55
VLAI?
Title
Sandbox Escape in Now Platform
Summary
ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
Severity ?
9.8 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | Now Platform |
Affected:
0 , < Vancouver Patch 9 Hot Fix 2a
(custom)
Affected: 0 , < Vancouver Patch 10 (custom) Affected: 0 , < Washington DC Patch 4 Hot Fix 1a (custom) Affected: 0 , < Washington DC Patch 5 (custom) Affected: 0 , < Xanadu GA Release (custom) |
Credits
T-Mobile
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:vancouver:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "Vancouver Patch 9 Hot Fix 2a",
"status": "affected",
"version": "Vancouver",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10",
"status": "affected",
"version": "Vancouver",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:washington_dc:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "Washington DC Patch 4 Hot Fix 1a",
"status": "affected",
"version": "Washington_DC",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 5",
"status": "affected",
"version": "Washington_DC",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:xanadu:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "Xanadu GA Release",
"status": "affected",
"version": "Xanadu",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8923",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T00:00:00+00:00",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-31T03:55:16.080Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Vancouver Patch 9 Hot Fix 2a",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 4 Hot Fix 1a",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Xanadu GA Release",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "T-Mobile"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: var(--wht);\"\u003eFurther, the vulnerability is addressed in the listed patches and hot fixes.\u003c/span\u003e"
}
],
"value": "ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u00a0ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers.\u00a0Further, the vulnerability is addressed in the listed patches and hot fixes."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-29T16:23:19.336Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1706070"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Sandbox Escape in Now Platform",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2024-8923",
"datePublished": "2024-10-29T16:07:07.310Z",
"dateReserved": "2024-09-16T23:33:41.375Z",
"dateUpdated": "2024-10-31T03:55:16.080Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-5217 (GCVE-0-2024-5217)
Vulnerability from cvelistv5 – Published: 2024-07-10 16:28 – Updated: 2025-10-21 22:55
VLAI?
Title
Incomplete Input Validation in GlideExpression Script
Summary
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Severity ?
9.8 (Critical)
CWE
- CWE-184 - Incomplete List of Disallowed Inputs
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | Now Platform |
Affected:
0 , < Utah Patch 10 Hot Fix 3
(custom)
Affected: 0 , < Utah Patch 10a Hot Fix 2 (custom) Affected: 0 , < Utah Patch 10b Hot Fix 1 (custom) Affected: 0 , < Vancouver Patch 6 Hot Fix 2 (custom) Affected: 0 , < Vancouver Patch 7 Hot Fix 3b (custom) Affected: 0 , < Vancouver Patch 8 Hot Fix 4 (custom) Affected: 0 , < Vancouver Patch 9 Hot Fix 1 (custom) Affected: 0 , < Vancouver Patch 10 (custom) Affected: 0 , < Washington DC Patch 1 Hot Fix 3b (custom) Affected: 0 , < Washington DC Patch 2 Hot Fix 2 (custom) Affected: 0 , < Washington DC Patch 3 Hot Fix 2 (custom) Affected: 0 , < Washington DC Patch 4 (custom) Affected: 0 , < Washington DC Patch 5 (custom) |
Credits
Adam Kues
Assetnote Attack Surface Management
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5217",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T19:00:26.864987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-07-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-5217"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:49.508Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-5217"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-29T00:00:00+00:00",
"value": "CVE-2024-5217 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1648313"
},
{
"tags": [
"x_login-required",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Utah Patch 10 Hot Fix 3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 10a Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 10b Hot Fix 1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 6 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 7 Hot Fix 3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 8 Hot Fix 4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 9 Hot Fix 1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 1 Hot Fix 3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 2 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 3 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Kues"
},
{
"lang": "en",
"type": "finder",
"value": "Assetnote Attack Surface Management"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u00a0The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184 Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T22:29:22.478Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1648313"
},
{
"tags": [
"x_login-required"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
},
{
"url": "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incomplete Input Validation in GlideExpression Script",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2024-5217",
"datePublished": "2024-07-10T16:28:32.649Z",
"dateReserved": "2024-05-22T18:36:08.570Z",
"dateUpdated": "2025-10-21T22:55:49.508Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-4879 (GCVE-0-2024-4879)
Vulnerability from cvelistv5 – Published: 2024-07-10 16:16 – Updated: 2025-10-21 22:55
VLAI?
Title
Jelly Template Injection Vulnerability in ServiceNow UI Macros
Summary
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Severity ?
9.8 (Critical)
CWE
- CWE-1287 - Improper Validation of Specified Type of Input
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | Now Platform |
Affected:
0 , < Utah Patch 10 Hot Fix 3
(custom)
Affected: 0 , < Utah Patch 10a Hot Fix 2 (custom) Affected: 0 , < Vancouver Patch 6 Hot Fix 2 (custom) Affected: 0 , < Vancouver Patch 7 Hot Fix 3b (custom) Affected: 0 , < Vancouver Patch 8 Hot Fix 4 (custom) Affected: 0 , < Vancouver Patch 9 (custom) Affected: 0 , < Vancouver Patch 10 (custom) Affected: 0 , < Washington DC Patch 1 Hot Fix 2b (custom) Affected: 0 , < Washington DC Patch 2 Hot Fix 2 (custom) Affected: 0 , < Washington DC Patch 3 Hot Fix 1 (custom) Affected: 0 , < Washington DC Patch 4 (custom) |
Credits
Adam Kues
Assetnote Attack Surface Management
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4879",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T18:58:02.257329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-07-29",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4879"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T22:55:49.702Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4879"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-07-29T00:00:00+00:00",
"value": "CVE-2024-4879 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1645154"
},
{
"tags": [
"x_login-required",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Utah Patch 10 Hot Fix 3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 10a Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 6 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 7 Hot Fix 3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 8 Hot Fix 4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 1 Hot Fix 2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 2 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 3 Hot Fix 1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Kues"
},
{
"lang": "en",
"type": "finder",
"value": "Assetnote Attack Surface Management"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u003c/span\u003e\u0026nbsp;\u003c/span\u003eServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\u003cdiv\u003e\u003c/div\u003e"
}
],
"value": "ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u00a0ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T22:28:49.374Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1645154"
},
{
"tags": [
"x_login-required"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
},
{
"url": "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Jelly Template Injection Vulnerability in ServiceNow UI Macros",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2024-4879",
"datePublished": "2024-07-10T16:16:39.926Z",
"dateReserved": "2024-05-14T17:39:41.655Z",
"dateUpdated": "2025-10-21T22:55:49.702Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1298 (GCVE-0-2023-1298)
Vulnerability from cvelistv5 – Published: 2023-07-06 17:13 – Updated: 2024-10-21 21:11
VLAI?
Summary
ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | Now User Experience |
Affected:
0 , < San Diego Patch 10
(custom)
Affected: 0 , < Tokyo Patch 4b (custom) Affected: 0 , < Tokyo Patch 6 (custom) Affected: 0 , < Utah Patch 1 (custom) |
Credits
Osama Yousef
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.973Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1310230"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.linkedin.com/in/osamay/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1298",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-21T21:06:59.183731Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-21T21:11:09.595Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now User Experience",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "San Diego Patch 10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Tokyo Patch 4b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Tokyo Patch 6",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Osama Yousef"
}
],
"datePublic": "2023-07-06T17:15:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ServiceNow has released upgrades and patches that address a Reflected Cross-Site scripting (XSS) vulnerability that was identified in the ServiceNow Polaris Layout. This vulnerability would enable an authenticated user to inject arbitrary scripts.\n"
}
],
"impacts": [
{
"capecId": "CAPEC-63",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-63"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-07T17:13:15.119Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1310230"
},
{
"url": "https://www.linkedin.com/in/osamay/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2023-1298",
"datePublished": "2023-07-06T17:13:27.552Z",
"dateReserved": "2023-03-09T19:33:01.065Z",
"dateUpdated": "2024-10-21T21:11:09.595Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-43684 (GCVE-0-2022-43684)
Vulnerability from cvelistv5 – Published: 2023-06-13 18:51 – Updated: 2025-02-13 16:33
VLAI?
Title
ACL bypass in Reporting functionality
Summary
ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.
Additional Details
This issue is present in the following supported ServiceNow releases:
* Quebec prior to Patch 10 Hot Fix 8b
* Rome prior to Patch 10 Hot Fix 1
* San Diego prior to Patch 7
* Tokyo prior to Tokyo Patch 1; and
* Utah prior to Utah General Availability
If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.
Severity ?
9.9 (Critical)
CWE
- CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | Now Platform |
Affected:
Quebec , < Patch 10 Hot Fix 8b
(custom)
Affected: Rome , < Patch 10 Hot Fix 1 (custom) Affected: San Diego , < Patch 7 (custom) Affected: Tokyo , < Tokyo Patch 1 (custom) Affected: Utah , < Utah General Availability (GA) (custom) |
Credits
Luke Symons
Tony Wu
Eldar Marcussen
Gareth Phillips
Jeff Thomas
Nadeem Salim
Stephen Bradshaw
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:06.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1303489"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jul/11"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=36638530"
},
{
"tags": [
"x_transferred"
],
"url": "https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-43684",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-02T20:40:28.652664Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-02T20:40:46.154Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Patch 10 Hot Fix 8b",
"status": "affected",
"version": "Quebec",
"versionType": "custom"
},
{
"lessThan": "Patch 10 Hot Fix 1",
"status": "affected",
"version": "Rome",
"versionType": "custom"
},
{
"lessThan": "Patch 7",
"status": "affected",
"version": "San Diego",
"versionType": "custom"
},
{
"lessThan": "Tokyo Patch 1",
"status": "affected",
"version": "Tokyo",
"versionType": "custom"
},
{
"lessThan": "Utah General Availability (GA)",
"status": "affected",
"version": "Utah",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Luke Symons"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tony Wu"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Eldar Marcussen"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gareth Phillips"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jeff Thomas"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nadeem Salim"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Stephen Bradshaw"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.\u003c/p\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eAdditional Details\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eThis issue is present in the following supported ServiceNow releases: \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003eQuebec prior to Patch 10 Hot Fix 8b\u003c/li\u003e\u003cli\u003eRome prior to Patch 10 Hot Fix 1\u003c/li\u003e\u003cli\u003eSan Diego prior to Patch 7\u003c/li\u003e\u003cli\u003eTokyo prior to Tokyo Patch 1; and \u003c/li\u003e\u003cli\u003eUtah prior to Utah General Availability \u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eIf this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.\n\n\n\nAdditional Details\n\nThis issue is present in the following supported ServiceNow releases: \n\n\n\n * Quebec prior to Patch 10 Hot Fix 8b\n * Rome prior to Patch 10 Hot Fix 1\n * San Diego prior to Patch 7\n * Tokyo prior to Tokyo Patch 1; and \n * Utah prior to Utah General Availability \n\n\n\n\nIf this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-11T17:06:41.003Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1303489"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/11"
},
{
"url": "https://news.ycombinator.com/item?id=36638530"
},
{
"url": "https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/"
},
{
"url": "http://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ACL bypass in Reporting functionality",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2022-43684",
"datePublished": "2023-06-13T18:51:39.984Z",
"dateReserved": "2022-10-24T04:08:01.240Z",
"dateUpdated": "2025-02-13T16:33:36.489Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-1209 (GCVE-0-2023-1209)
Vulnerability from cvelistv5 – Published: 2023-05-23 16:41 – Updated: 2025-01-17 17:45
VLAI?
Summary
Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts.
Severity ?
4.3 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | ServiceNow Records |
Affected:
0 , < Tokyo Patch 5
(custom)
Affected: 0 , < Tokyo Patch 4a (custom) Affected: 0 , < San Diego Patch 10 (custom) Affected: 0 , < San Diego Patch 9a (custom) Affected: 0 , < Rome Patch 10 Hot Fix 4b (custom) Affected: 0 , < Utah Patch 1 (custom) |
Credits
Osama Yousef
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T05:40:59.882Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1262967"
},
{
"tags": [
"x_reporter",
"x_transferred"
],
"url": "https://www.linkedin.com/in/osamay/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-1209",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-17T17:45:41.144892Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-17T17:45:49.612Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ServiceNow Records",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Tokyo Patch 5",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Tokyo Patch 4a",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "San Diego Patch 10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "San Diego Patch 9a",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Rome Patch 10 Hot Fix 4b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Osama Yousef"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts."
}
],
"value": "Cross-Site Scripting (XSS) vulnerabilities exist in ServiceNow records allowing an authenticated attacker to inject arbitrary scripts."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-23T16:41:39.227Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1262967"
},
{
"tags": [
"x_reporter"
],
"url": "https://www.linkedin.com/in/osamay/"
}
],
"source": {
"discovery": "UNKNOWN"
},
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2023-1209",
"datePublished": "2023-05-23T16:41:28.194Z",
"dateReserved": "2023-03-06T19:57:41.453Z",
"dateUpdated": "2025-01-17T17:45:49.612Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46389 (GCVE-0-2022-46389)
Vulnerability from cvelistv5 – Published: 2023-04-17 00:00 – Updated: 2025-02-06 16:01
VLAI?
Title
Cross-Site Scripting (XSS) vulnerability found on logout functionality
Summary
There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console.
Severity ?
6.1 (Medium)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | Now Platform |
Affected:
Quebec , < Patch 10 Hotfix 11b
(custom)
Affected: Rome , < Patch 10 Hotfix 3b (custom) Affected: San Diego , < Patch 9 (custom) Affected: Tokyo , < Patch 4 (custom) Affected: Utah , < GA (custom) |
Credits
Bao Bui a.k.a 0xd0ff9 from VNG Security Team
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1272156"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46389",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T16:01:34.843493Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T16:01:59.247Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Patch 10 Hotfix 11b",
"status": "affected",
"version": "Quebec",
"versionType": "custom"
},
{
"lessThan": "Patch 10 Hotfix 3b",
"status": "affected",
"version": "Rome",
"versionType": "custom"
},
{
"lessThan": "Patch 9",
"status": "affected",
"version": "San Diego",
"versionType": "custom"
},
{
"lessThan": "Patch 4",
"status": "affected",
"version": "Tokyo",
"versionType": "custom"
},
{
"lessThan": "GA",
"status": "affected",
"version": "Utah",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bao Bui a.k.a 0xd0ff9 from VNG Security Team"
}
],
"datePublic": "2023-04-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00.000Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1272156"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cross-Site Scripting (XSS) vulnerability found on logout functionality",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2022-46389",
"datePublished": "2023-04-17T00:00:00.000Z",
"dateReserved": "2022-12-04T00:00:00.000Z",
"dateUpdated": "2025-02-06T16:01:59.247Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-46886 (GCVE-0-2022-46886)
Vulnerability from cvelistv5 – Published: 2023-04-14 00:00 – Updated: 2025-02-06 21:46
VLAI?
Summary
There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.
Severity ?
5.5 (Medium)
CWE
- open redirect
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| ServiceNow | ServiceNow |
Affected:
Tokyo , < Tokyo Patch 1b
(custom)
Affected: San Diego , < San Diego Patch 7b (custom) Affected: Rome , < Rome Patch 10 Hotfix 2b (custom) Affected: Quebec , < Quebec Patch 10 Hotfix 10b (custom) |
Credits
theamanrawat
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:39:38.636Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1219857"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-46886",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-06T21:46:23.163978Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T21:46:36.801Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "ServiceNow",
"vendor": "ServiceNow",
"versions": [
{
"changes": [
{
"at": "Tokyo Patch 3",
"status": "unaffected"
}
],
"lessThan": "Tokyo Patch 1b",
"status": "affected",
"version": "Tokyo",
"versionType": "custom"
},
{
"changes": [
{
"at": "San Diego Patch 9",
"status": "unaffected"
}
],
"lessThan": "San Diego Patch 7b",
"status": "affected",
"version": "San Diego",
"versionType": "custom"
},
{
"changes": [
{
"at": "Rome Patch 10 Hotfix 3b",
"status": "unaffected"
}
],
"lessThan": "Rome Patch 10 Hotfix 2b",
"status": "affected",
"version": "Rome",
"versionType": "custom"
},
{
"lessThan": "Quebec Patch 10 Hotfix 10b",
"status": "affected",
"version": "Quebec",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "theamanrawat"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eThere exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.\u003c/p\u003e"
}
],
"value": "There exists an open redirect within the response list update functionality of ServiceNow. This allows attackers to redirect users to arbitrary domains when clicking on a URL within a service-now domain.\n\n"
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eSuccessful exploitation of this vulnerability potentially could be used to facilitate targeted attacks such as phishing. This may enable attackers to redirect authenticated users to domains the attackers control and cause the disclosure of sensitive information, like login credentials.\u003c/p\u003e"
}
],
"value": "Successful exploitation of this vulnerability potentially could be used to facilitate targeted attacks such as phishing. This may enable attackers to redirect authenticated users to domains the attackers control and cause the disclosure of sensitive information, like login credentials.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "open redirect",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T21:53:31.401Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1219857"
}
],
"source": {
"discovery": "EXTERNAL"
},
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2022-46886",
"datePublished": "2023-04-14T00:00:00.000Z",
"dateReserved": "2022-12-09T00:00:00.000Z",
"dateUpdated": "2025-02-06T21:46:36.801Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-39048 (GCVE-0-2022-39048)
Vulnerability from cvelistv5 – Published: 2023-04-10 00:00 – Updated: 2025-02-07 20:14
VLAI?
Title
Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect
Summary
A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user's browser or session to attack other systems.
Severity ?
6.1 (Medium)
CWE
- Cross Site Scripting (XSS)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Servicenow | Now Platform |
Affected:
Tokyo , < Patch 1a
(custom)
Affected: San Diego , < Patch 7b (custom) Affected: Rome , < Patch 10 Hotfix 2b (custom) Affected: Quebec , < Patch 10 Hotfix 10b (custom) |
Credits
theamanrawat
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:32.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1221892"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-39048",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-07T20:13:45.492244Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-07T20:14:00.361Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "Servicenow",
"versions": [
{
"changes": [
{
"at": "Patch 2",
"status": "unaffected"
}
],
"lessThan": "Patch 1a",
"status": "affected",
"version": "Tokyo",
"versionType": "custom"
},
{
"changes": [
{
"at": "Patch 9",
"status": "unaffected"
}
],
"lessThan": "Patch 7b",
"status": "affected",
"version": "San Diego",
"versionType": "custom"
},
{
"lessThan": "Patch 10 Hotfix 2b",
"status": "affected",
"version": "Rome",
"versionType": "custom"
},
{
"lessThan": "Patch 10 Hotfix 10b",
"status": "affected",
"version": "Quebec",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "theamanrawat"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user\u0027s browser or session to attack other systems.\u003c/p\u003e"
}
],
"value": "A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user\u0027s browser or session to attack other systems.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T15:27:13.546Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/"
},
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1221892"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2022-39048",
"datePublished": "2023-04-10T00:00:00.000Z",
"dateReserved": "2022-08-31T00:00:00.000Z",
"dateUpdated": "2025-02-07T20:14:00.361Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-42704 (GCVE-0-2022-42704)
Vulnerability from cvelistv5 – Published: 2023-01-12 00:00 – Updated: 2025-04-09 13:13
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget.
Severity ?
5.4 (Medium)
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:10:41.436Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1216141"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-42704",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-09T13:13:34.638992Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-09T13:13:40.445Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in Employee Service Center (esc) and Service Portal (sp) in ServiceNow Quebec, Rome, and San Diego allows remote attackers to inject arbitrary web script via the Standard Ticket Conversations widget."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-01-12T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1216141"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-42704",
"datePublished": "2023-01-12T00:00:00.000Z",
"dateReserved": "2022-10-10T00:00:00.000Z",
"dateUpdated": "2025-04-09T13:13:40.445Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38463 (GCVE-0-2022-38463)
Vulnerability from cvelistv5 – Published: 2022-08-23 18:07 – Updated: 2024-08-03 10:54
VLAI?
Summary
ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:54:03.697Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1156793"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T18:07:57",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1156793"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-38463",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ServiceNow through San Diego Patch 4b and Patch 6 allows reflected XSS in the logout functionality."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1156793",
"refsource": "CONFIRM",
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1156793"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38463",
"datePublished": "2022-08-23T18:07:57",
"dateReserved": "2022-08-19T00:00:00",
"dateUpdated": "2024-08-03T10:54:03.697Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38172 (GCVE-0-2022-38172)
Vulnerability from cvelistv5 – Published: 2022-08-23 18:02 – Updated: 2024-08-03 10:45
VLAI?
Summary
ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.998Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1122640"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-23T18:02:07",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1122640"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2022-38172",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ServiceNow through San Diego Patch 3 allows XSS via the name field during creation of a new dashboard for the Performance Analytics dashboard."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1122640",
"refsource": "CONFIRM",
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1122640"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2022-38172",
"datePublished": "2022-08-23T18:02:07",
"dateReserved": "2022-08-12T00:00:00",
"dateUpdated": "2024-08-03T10:45:52.998Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-45901 (GCVE-0-2021-45901)
Vulnerability from cvelistv5 – Published: 2022-02-10 13:59 – Updated: 2024-08-04 04:54
VLAI?
Summary
The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T04:54:31.164Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-02-16T18:06:23",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-45901",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The password-reset form in ServiceNow Orlando provides different responses to invalid authentication attempts depending on whether the username exists."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/",
"refsource": "MISC",
"url": "https://www.trustwave.com/en-us/resources/security-resources/security-advisories/"
},
{
"name": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/",
"refsource": "MISC",
"url": "https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/servicenow-username-enumeration-vulnerability-cve-2021-45901/"
},
{
"name": "http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165989/ServiceNow-Orlando-Username-Enumeration.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-45901",
"datePublished": "2022-02-10T13:59:20",
"dateReserved": "2021-12-27T00:00:00",
"dateUpdated": "2024-08-04T04:54:31.164Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2018-7748 (GCVE-0-2018-7748)
Vulnerability from cvelistv5 – Published: 2018-08-03 18:00 – Updated: 2024-08-05 06:37
VLAI?
Summary
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T06:37:59.470Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2018-07-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via \u0027${xyz}\u0027 Glide Scripting Injection in the sysparm_media parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-08-03T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2018-7748",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via \u0027${xyz}\u0027 Glide Scripting Injection in the sysparm_media parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html",
"refsource": "MISC",
"url": "https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html"
},
{
"name": "https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt",
"refsource": "MISC",
"url": "https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2018-7748",
"datePublished": "2018-08-03T18:00:00",
"dateReserved": "2018-03-07T00:00:00",
"dateUpdated": "2024-08-05T06:37:59.470Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}