CVE-2024-4879

Опубликовано: 10 июл. 2024

Источник: nvd

CVSS3: 9.8

EPSS Критический

Описание

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

Ссылки

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293
Permissions Required
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154
Vendor Advisory
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
Press/Media Coverage
Third Party Advisory
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293
Permissions Required
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154
Vendor Advisory
https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
Press/Media Coverage
Third Party Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4879
US Government Resource

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:servicenow:servicenow:utah:-:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:early_availability:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_1b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_1_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_10:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_10_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_10_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_10a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_10a_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_2_hotfix_4:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_3_hotfix_1b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_4:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_2b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_3b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_4:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_4b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_4_hotfix_5:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_5:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_5_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_6:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_6_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_6_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_7:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_7_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_7_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_7a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_7b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_8:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_8_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_9:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:utah:patch_9_hotfix_1b:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_1_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_10:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix1a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_4:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_2b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_5_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_9:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*

EPSS

Процентиль: 100%

0.94349

Критический

9.8 Critical

CVSS3

Дефекты

CWE-1287

NVD-CWE-Other

Связанные уязвимости

GHSA-355h-wpr8-m2qx

CVSS3: 9.8

github

больше 1 года назад

BDU:2025-07204

CVSS3: 9.8

fstec

больше 1 года назад

Уязвимость системы управления ИТ-инфраструктурой Now Platform, связанная с неправильной проверкой указанного типа входных данных, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 100%

0.94349

Критический

9.8 Critical

CVSS3

Дефекты

CWE-1287

NVD-CWE-Other