CVE-2024-8924

Опубликовано: 29 окт. 2024

Источник: nvd

CVSS3: 7.5

EPSS Низкий

Описание

ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.

Ссылки

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706072
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:servicenow:servicenow:xanadu:-:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:xanadu:early_availability:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:xanadu:early_availability_hotfix_1:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:early_availability:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:early_availability_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:early_availability_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_1_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_10:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_10_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix1a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_4:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_2b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_5_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_4:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_4:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_5:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_9:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_3a:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:early_availability:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:early_availability_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_3b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1b:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_2a:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_1:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_2:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_3:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_4:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_5:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_6:*:*:*:*:*:*

cpe:2.3:a:servicenow:servicenow:washington_dc:patch_6:*:*:*:*:*:*

EPSS

Процентиль: 62%

0.0043

Низкий

7.5 High

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-25m4-rhwx-m523

CVSS3: 7.5

github

10 месяцев назад

BDU:2024-10960

CVSS3: 7.5

fstec

10 месяцев назад

Уязвимость системы управления ИТ-инфраструктурой Now Platform, связанная с непринятием мер по нейтрализации специальных элементов веб-страницы, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

EPSS

Процентиль: 62%

0.0043

Низкий

7.5 High

CVSS3

Дефекты

CWE-89