ServiceNow - July 2024 vulnerabilities

Created on 2024-07-27 20:58, updated on 2024-07-27 21:00, by Alexandre Dulaunoy
JSON
Description
  • KB1648313 CVE-2024-5217 - Incomplete Input Validation in GlideExpression Script 2024-07-10
  • KB1648312 CVE-2024-5178 - Incomplete Input Validation in SecurelyAccess API 2024-07-10
  • KB1645154 CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow UI Macros 2024-07-10

CVE-2024-4879 sounds to be the most serious vulnerability allowing RCE for non-authenticated users.

ref: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1226057

Vulnerabilities included in this bundle
Combined detection rules

Detection rules are retrieved from Rulezet.

Combined sightings
Author Vulnerability Source Type Date