ServiceNow Improper Input Validation Vulnerability

Added July 29, 2024 • Due Aug. 19, 2024 • CVE-2024-4879

Overdue ServiceNow / Utah, Vancouver, and Washington DC Now CWE-1287

Description

ServiceNow Utah, Vancouver, and Washington DC Now releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

References

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154
https://nvd.nist.gov/vuln/detail/CVE-2024-4879

Additional Information

Catalog Version: 2025.01.24
Catalog Released: Jan. 24, 2025
Days Until Due: 0 days
Last Updated: 5 months, 2 weeks ago