CVE-2024-4879

ServiceNow | Utah, Vancouver, and Washington DC Now PlatformAdded 2024-07-29Remediation Deadline 2024-08-19

ServiceNow Improper Input Validation Vulnerability

ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.

Required Action

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Weakness Classification

CWE-1287

References

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154
https://nvd.nist.gov/vuln/detail/CVE-2024-4879

Cybersecurity Alerts

CVE-2024-4879

ServiceNow Improper Input Validation Vulnerability

Required Action

Weakness Classification

References