CVE-2024-5217
CRITICAL CISA KEV EPSS 99.9%
Published Jul 10, 2024 1y ago · Modified Jun 17, 2026 2w ago
9.2 CVSS 4.0
KEV Listed Jul 29, 2024 1y ago
KEV Due Aug 19, 2024 681d overdue
Description
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
CVSS Details
Base Score
Exploitability
Impact
Vector string
CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope X
Threat Intelligence
CISA Known Exploited Overdue 681d
- Added: Jul 29, 2024
- Due: Aug 19, 2024
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
EPSS Exploit Probability
99.9% percentile
Exploit & Patch Status
Actively Exploited (KEV)
No Patch Available
Weaknesses 2
CWE-184
CWE-697
Affected Products 99
| Vendor | Product | Version | Range |
|---|---|---|---|
| servicenow | servicenow | utah | any |
| servicenow | servicenow | vancouver | any |
| servicenow | servicenow | washington_dc | any |
References 4
- support.servicenow.com https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293
- support.servicenow.com https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313
- cisa.gov https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-5217
- darkreading.com https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
Remediation
No remediation data recorded yet
Check vendor advisories and the NVD entry for patch availability.