ServiceNow Now Platform RCE via Input Validation Flaw
CVE-2024-4879 Published on July 10, 2024
Jelly Template Injection Vulnerability in ServiceNow UI Macros
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Known Exploited Vulnerability
This ServiceNow Improper Input Validation Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. ServiceNow Utah, Vancouver, and Washington DC Now releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely. .
The following remediation steps are recommended / required by August 19, 2024: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Vulnerability Analysis
CVE-2024-4879 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. This vulnerability is known to be actively exploited by threat actors in an automatable fashion. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
Improper Validation of Specified Type of Input
The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Products Associated with CVE-2024-4879
Want to know whenever a new CVE is published for Servicenow? stack.watch will email you.
Affected Versions
ServiceNow Now Platform:- Before Utah Patch 10 Hot Fix 3 is affected.
- Before Utah Patch 10a Hot Fix 2 is affected.
- Before Vancouver Patch 6 Hot Fix 2 is affected.
- Before Vancouver Patch 7 Hot Fix 3b is affected.
- Before Vancouver Patch 8 Hot Fix 4 is affected.
- Before Vancouver Patch 9 is affected.
- Before Vancouver Patch 10 is affected.
- Before Washington DC Patch 1 Hot Fix 2b is affected.
- Before Washington DC Patch 2 Hot Fix 2 is affected.
- Before Washington DC Patch 3 Hot Fix 1 is affected.
- Before Washington DC Patch 4 is affected.
- Before utah_patch_10_hot_fix_3 is affected.
- Before utah_patch_10a_hot_fix_2 is affected.
- Before vancouver_patch_6_hot_fix_2 is affected.
- Before vancouver_patch_7_hot_fix_3b is affected.
- Before vancouver_patch_8_hot_fix_4 is affected.
- Before vancouver_patch_9 is affected.
- Before vancouver_patch_10 is affected.
- Before washington_dc_patch_1_hot_fix_2b is affected.
- Before washington_dc_patch_2_hot_fix_2 is affected.
- Before washington_dc_patch_3_hot_fix_1 is affected.
- Before washington_dc_patch_4 is affected.
- Before utah_patch_10_hot_fix_3 is affected.
- Before utah_patch_10a_hot_fix_2 is affected.
- Before vancouver_patch_6_hot_fix_2 is affected.
- Before vancouver_patch_7_hot_fix_3b is affected.
- Before vancouver_patch_8_hot_fix_4 is affected.
- Before vancouver_patch_9 is affected.
- Before vancouver_patch_10 is affected.
- Before washington_dc_patch_1_hot_fix_2b is affected.
- Before washington_dc_patch_2_hot_fix_2 is affected.
- Before washington_dc_patch_3_hot_fix_1 is affected.
- Before washington_dc_patch_4 is affected.
- Before utah_patch_10_hot_fix_3 is affected.
- Before utah_patch_10a_hot_fix_2 is affected.
- Before vancouver_patch_6_hot_fix_2 is affected.
- Before vancouver_patch_7_hot_fix_3b is affected.
- Before vancouver_patch_8_hot_fix_4 is affected.
- Before vancouver_patch_9 is affected.
- Before vancouver_patch_10 is affected.
- Before washington_dc_patch_1_hot_fix_2b is affected.
- Before washington_dc_patch_2_hot_fix_2 is affected.
- Before washington_dc_patch_3_hot_fix_1 is affected.
- Before washington_dc_patch_4 is affected.
- Before utah_patch_10_hot_fix_3 is affected.
- Before utah_patch_10a_hot_fix_2 is affected.
- Before vancouver_patch_6_hot_fix_2 is affected.
- Before vancouver_patch_7_hot_fix_3b is affected.
- Before vancouver_patch_8_hot_fix_4 is affected.
- Before vancouver_patch_9 is affected.
- Before vancouver_patch_10 is affected.
- Before washington_dc_patch_1_hot_fix_2b is affected.
- Before washington_dc_patch_2_hot_fix_2 is affected.
- Before washington_dc_patch_3_hot_fix_1 is affected.
- Before washington_dc_patch_4 is affected.
- Before utah_patch_10_hot_fix_3 is affected.
- Before utah_patch_10a_hot_fix_2 is affected.
- Before vancouver_patch_6_hot_fix_2 is affected.
- Before vancouver_patch_7_hot_fix_3b is affected.
- Before vancouver_patch_8_hot_fix_4 is affected.
- Before vancouver_patch_9 is affected.
- Before vancouver_patch_10 is affected.
- Before washington_dc_patch_1_hot_fix_2b is affected.
- Before washington_dc_patch_2_hot_fix_2 is affected.
- Before washington_dc_patch_3_hot_fix_1 is affected.
- Before washington_dc_patch_4 is affected.
- Before utah_patch_10_hot_fix_3 is affected.
- Before utah_patch_10a_hot_fix_2 is affected.
- Before vancouver_patch_6_hot_fix_2 is affected.
- Before vancouver_patch_7_hot_fix_3b is affected.
- Before vancouver_patch_8_hot_fix_4 is affected.
- Before vancouver_patch_9 is affected.
- Before vancouver_patch_10 is affected.
- Before washington_dc_patch_1_hot_fix_2b is affected.
- Before washington_dc_patch_2_hot_fix_2 is affected.
- Before washington_dc_patch_3_hot_fix_1 is affected.
- Before washington_dc_patch_4 is affected.
- Before utah_patch_10_hot_fix_3 is affected.
- Before utah_patch_10a_hot_fix_2 is affected.
- Before vancouver_patch_6_hot_fix_2 is affected.
- Before vancouver_patch_7_hot_fix_3b is affected.
- Before vancouver_patch_8_hot_fix_4 is affected.
- Before vancouver_patch_9 is affected.
- Before vancouver_patch_10 is affected.
- Before washington_dc_patch_1_hot_fix_2b is affected.
- Before washington_dc_patch_2_hot_fix_2 is affected.
- Before washington_dc_patch_3_hot_fix_1 is affected.
- Before washington_dc_patch_4 is affected.
- Before utah_patch_10_hot_fix_3 is affected.
- Before utah_patch_10a_hot_fix_2 is affected.
- Before vancouver_patch_6_hot_fix_2 is affected.
- Before vancouver_patch_7_hot_fix_3b is affected.
- Before vancouver_patch_8_hot_fix_4 is affected.
- Before vancouver_patch_9 is affected.
- Before vancouver_patch_10 is affected.
- Before washington_dc_patch_1_hot_fix_2b is affected.
- Before washington_dc_patch_2_hot_fix_2 is affected.
- Before washington_dc_patch_3_hot_fix_1 is affected.
- Before washington_dc_patch_4 is affected.
- Before utah_patch_10_hot_fix_3 is affected.
- Before utah_patch_10a_hot_fix_2 is affected.
- Before vancouver_patch_6_hot_fix_2 is affected.
- Before vancouver_patch_7_hot_fix_3b is affected.
- Before vancouver_patch_8_hot_fix_4 is affected.
- Before vancouver_patch_9 is affected.
- Before vancouver_patch_10 is affected.
- Before washington_dc_patch_1_hot_fix_2b is affected.
- Before washington_dc_patch_2_hot_fix_2 is affected.
- Before washington_dc_patch_3_hot_fix_1 is affected.
- Before washington_dc_patch_4 is affected.
- Before utah_patch_10_hot_fix_3 is affected.
- Before utah_patch_10a_hot_fix_2 is affected.
- Before vancouver_patch_6_hot_fix_2 is affected.
- Before vancouver_patch_7_hot_fix_3b is affected.
- Before vancouver_patch_8_hot_fix_4 is affected.
- Before vancouver_patch_9 is affected.
- Before vancouver_patch_10 is affected.
- Before washington_dc_patch_1_hot_fix_2b is affected.
- Before washington_dc_patch_2_hot_fix_2 is affected.
- Before washington_dc_patch_3_hot_fix_1 is affected.
- Before washington_dc_patch_4 is affected.
- Before utah_patch_10_hot_fix_3 is affected.
- Before utah_patch_10a_hot_fix_2 is affected.
- Before vancouver_patch_6_hot_fix_2 is affected.
- Before vancouver_patch_7_hot_fix_3b is affected.
- Before vancouver_patch_8_hot_fix_4 is affected.
- Before vancouver_patch_9 is affected.
- Before vancouver_patch_10 is affected.
- Before washington_dc_patch_1_hot_fix_2b is affected.
- Before washington_dc_patch_2_hot_fix_2 is affected.
- Before washington_dc_patch_3_hot_fix_1 is affected.
- Before washington_dc_patch_4 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.