CVE-2024-4879 - ServiceNow Improper Input Validation Vulnerability
CVE-2024-4879
ServiceNow | Utah, Vancouver, and Washington DC Now
- Date Added:
- 2024-07-29
- Due Date:
- 2024-08-19
- Vulnerability Name
ServiceNow Improper Input Validation Vulnerability
- Description
ServiceNow Utah, Vancouver, and Washington DC Now releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.
- Known To Be Used in Ransomware Campaigns?
Unknown
- Action
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
- Additional Notes
- https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154; https://nvd.nist.gov/vuln/detail/CVE-2024-4879
- Related News Articles
Free security scan for your website