All the vulnerabilites related to Servicenow - Now Platform
cve-2022-46389
Vulnerability from cvelistv5
Published
2023-04-17 00:00
Modified
2024-08-03 14:31
Severity
Summary
Cross-Site Scripting (XSS) vulnerability found on logout functionality
Impacted products
| Vendor | Product |
|---|---|
| ServiceNow | Now Platform |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:31:46.337Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1272156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Patch 10 Hotfix 11b",
"status": "affected",
"version": "Quebec",
"versionType": "custom"
},
{
"lessThan": "Patch 10 Hotfix 3b",
"status": "affected",
"version": "Rome",
"versionType": "custom"
},
{
"lessThan": "Patch 9",
"status": "affected",
"version": "San Diego",
"versionType": "custom"
},
{
"lessThan": "Patch 4",
"status": "affected",
"version": "Tokyo",
"versionType": "custom"
},
{
"lessThan": "GA",
"status": "affected",
"version": "Utah",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Bao Bui a.k.a 0xd0ff9 from VNG Security Team"
}
],
"datePublic": "2023-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "There exists a reflected XSS within the logout functionality of ServiceNow versions lower than Quebec Patch 10 Hotfix 11b, Rome Patch 10 Hotfix 3b, San Diego Patch 9, Tokyo Patch 4, and Utah GA. This enables an unauthenticated remote attacker to execute arbitrary JavaScript code in the browser-based web console."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-17T00:00:00",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1272156"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Cross-Site Scripting (XSS) vulnerability found on logout functionality",
"x_generator": {
"engine": "Vulnogram 0.0.9"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2022-46389",
"datePublished": "2023-04-17T00:00:00",
"dateReserved": "2022-12-04T00:00:00",
"dateUpdated": "2024-08-03T14:31:46.337Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-43684
Vulnerability from cvelistv5
Published
2023-06-13 18:51
Modified
2024-08-03 13:40
Severity
Summary
ACL bypass in Reporting functionality
References
Impacted products
| Vendor | Product |
|---|---|
| ServiceNow | Now Platform |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T13:40:06.227Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1303489"
},
{
"tags": [
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2023/Jul/11"
},
{
"tags": [
"x_transferred"
],
"url": "https://news.ycombinator.com/item?id=36638530"
},
{
"tags": [
"x_transferred"
],
"url": "https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/"
},
{
"tags": [
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Patch 10 Hot Fix 8b",
"status": "affected",
"version": "Quebec",
"versionType": "custom"
},
{
"lessThan": "Patch 10 Hot Fix 1",
"status": "affected",
"version": "Rome",
"versionType": "custom"
},
{
"lessThan": "Patch 7",
"status": "affected",
"version": "San Diego",
"versionType": "custom"
},
{
"lessThan": "Tokyo Patch 1",
"status": "affected",
"version": "Tokyo",
"versionType": "custom"
},
{
"lessThan": "Utah General Availability (GA)",
"status": "affected",
"version": "Utah",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Luke Symons"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tony Wu"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Eldar Marcussen"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Gareth Phillips"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Jeff Thomas"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Nadeem Salim"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Stephen Bradshaw"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003e\u003cp\u003eServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.\u003c/p\u003e\u003c/div\u003e\u003cp\u003e\u003cstrong\u003eAdditional Details\u003c/strong\u003e\u003c/p\u003e\u003cdiv\u003e\u003cp\u003eThis issue is present in the following supported ServiceNow releases: \u003c/p\u003e\u003c/div\u003e\u003cdiv\u003e\u003cul\u003e\u003cli\u003eQuebec prior to Patch 10 Hot Fix 8b\u003c/li\u003e\u003cli\u003eRome prior to Patch 10 Hot Fix 1\u003c/li\u003e\u003cli\u003eSan Diego prior to Patch 7\u003c/li\u003e\u003cli\u003eTokyo prior to Tokyo Patch 1; and \u003c/li\u003e\u003cli\u003eUtah prior to Utah General Availability \u003c/li\u003e\u003c/ul\u003e\u003c/div\u003e\u003cdiv\u003e\u003cp\u003eIf this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.\u003c/p\u003e\u003c/div\u003e"
}
],
"value": "ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.\n\n\n\nAdditional Details\n\nThis issue is present in the following supported ServiceNow releases: \n\n\n\n * Quebec prior to Patch 10 Hot Fix 8b\n * Rome prior to Patch 10 Hot Fix 1\n * San Diego prior to Patch 7\n * Tokyo prior to Tokyo Patch 1; and \n * Utah prior to Utah General Availability \n\n\n\n\nIf this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.\n\n\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T18:51:42.642Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1303489"
},
{
"url": "http://seclists.org/fulldisclosure/2023/Jul/11"
},
{
"url": "https://news.ycombinator.com/item?id=36638530"
},
{
"url": "https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/"
},
{
"url": "http://packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "ACL bypass in Reporting functionality",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2022-43684",
"datePublished": "2023-06-13T18:51:39.984Z",
"dateReserved": "2022-10-24T04:08:01.240Z",
"dateUpdated": "2024-08-03T13:40:06.227Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2022-39048
Vulnerability from cvelistv5
Published
2023-04-10 00:00
Modified
2024-08-03 11:10
Severity
Summary
Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect
References
Impacted products
| Vendor | Product |
|---|---|
| Servicenow | Now Platform |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T11:10:32.338Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/"
},
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1221892"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "Servicenow",
"versions": [
{
"changes": [
{
"at": "Patch 2",
"status": "unaffected"
}
],
"lessThan": "Patch 1a",
"status": "affected",
"version": "Tokyo",
"versionType": "custom"
},
{
"changes": [
{
"at": "Patch 9",
"status": "unaffected"
}
],
"lessThan": "Patch 7b",
"status": "affected",
"version": "San Diego",
"versionType": "custom"
},
{
"lessThan": "Patch 10 Hotfix 2b",
"status": "affected",
"version": "Rome",
"versionType": "custom"
},
{
"lessThan": "Patch 10 Hotfix 10b",
"status": "affected",
"version": "Quebec",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "theamanrawat"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eA XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user\u0027s browser or session to attack other systems.\u003c/p\u003e"
}
],
"value": "A XSS vulnerability was identified in the ServiceNow UI page assessment_redirect. To exploit this vulnerability, an attacker would need to persuade an authenticated user to click a maliciously crafted URL. Successful exploitation potentially could be used to conduct various client-side attacks, including, but not limited to, phishing, redirection, theft of CSRF tokens, and use of an authenticated user\u0027s browser or session to attack other systems.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross Site Scripting (XSS)",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-04-18T15:27:13.546Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/"
},
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1221892"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Cross-Site Scripting (XSS) vulnerability in ServiceNow UI page assessment_redirect",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2022-39048",
"datePublished": "2023-04-10T00:00:00",
"dateReserved": "2022-08-31T00:00:00",
"dateUpdated": "2024-08-03T11:10:32.338Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5178
Vulnerability from cvelistv5
Published
2024-07-10 16:23
Modified
2024-08-01 21:03
Severity
6.9 (Medium) - cvssV4_0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
4.9 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
4.9 (Medium) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Incomplete Input Validation in SecurelyAccess API
References
Impacted products
| Vendor | Product |
|---|---|
| ServiceNow | Now Platform |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5178",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-11T16:42:23.827649Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T16:42:33.387Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1648312"
},
{
"tags": [
"x_login-required",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Utah Patch 10 Hot Fix 3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 10a Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 10b Hot Fix 1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 6 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 7 Hot Fix 3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 8 Hot Fix 4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 9 Hot Fix 1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 1 Hot Fix 3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 2 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 3 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Kues"
},
{
"lang": "en",
"type": "finder",
"value": "Assetnote Attack Surface Management"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability is addressed in the listed patches and hot fixes, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server.\u00a0The vulnerability is addressed in the listed patches and hot fixes, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "HIGH",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "NONE",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184 Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-11T21:35:29.680Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1648312"
},
{
"tags": [
"x_login-required"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incomplete Input Validation in SecurelyAccess API",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2024-5178",
"datePublished": "2024-07-10T16:23:39.270Z",
"dateReserved": "2024-05-21T16:40:28.169Z",
"dateUpdated": "2024-08-01T21:03:11.076Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-5217
Vulnerability from cvelistv5
Published
2024-07-10 16:28
Modified
2024-08-01 21:03
Severity
9.2 (Critical) - cvssV4_0 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.8 (Critical) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Incomplete Input Validation in GlideExpression Script
References
Impacted products
| Vendor | Product |
|---|---|
| ServiceNow | Now Platform |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10b_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-5217",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T19:00:26.864987Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-07-29",
"reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T19:00:29.497Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T21:03:11.097Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1648313"
},
{
"tags": [
"x_login-required",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Utah Patch 10 Hot Fix 3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 10a Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 10b Hot Fix 1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 6 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 7 Hot Fix 3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 8 Hot Fix 4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 9 Hot Fix 1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 1 Hot Fix 3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 2 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 3 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 5",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Kues"
},
{
"lang": "en",
"type": "finder",
"value": "Assetnote Attack Surface Management"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u0026nbsp;\u003c/span\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eThe vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\u003c/span\u003e\u003cbr\u003e"
}
],
"value": "ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u00a0The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "NETWORK",
"baseScore": 9.2,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-184",
"description": "CWE-184 Incomplete List of Disallowed Inputs",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T17:00:47.822Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1648313"
},
{
"tags": [
"x_login-required"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
},
{
"url": "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Incomplete Input Validation in GlideExpression Script",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2024-5217",
"datePublished": "2024-07-10T16:28:32.649Z",
"dateReserved": "2024-05-22T18:36:08.570Z",
"dateUpdated": "2024-08-01T21:03:11.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-4879
Vulnerability from cvelistv5
Published
2024-07-10 16:16
Modified
2024-08-01 20:55
Severity
9.3 (Critical) - cvssV4_0 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
9.8 (Critical) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - cvssV3_1 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Jelly Template Injection Vulnerability in ServiceNow UI Macros
References
Impacted products
| Vendor | Product |
|---|---|
| ServiceNow | Now Platform |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "servicenow",
"vendor": "servicenow",
"versions": [
{
"lessThan": "utah_patch_10_hot_fix_3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "utah_patch_10a_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_6_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_7_hot_fix_3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_8_hot_fix_4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "vancouver_patch_10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_1_hot_fix_2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_2_hot_fix_2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_3_hot_fix_1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "washington_dc_patch_4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4879",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-29T18:58:02.257329Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2024-07-29",
"reference": "https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-29T19:01:07.944Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:55:10.283Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1645154"
},
{
"tags": [
"x_login-required",
"x_transferred"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Now Platform",
"vendor": "ServiceNow",
"versions": [
{
"lessThan": "Utah Patch 10 Hot Fix 3",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Utah Patch 10a Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 6 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 7 Hot Fix 3b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 8 Hot Fix 4",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 9",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Vancouver Patch 10",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 1 Hot Fix 2b",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 2 Hot Fix 2",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 3 Hot Fix 1",
"status": "affected",
"version": "0",
"versionType": "custom"
},
{
"lessThan": "Washington DC Patch 4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Adam Kues"
},
{
"lang": "en",
"type": "finder",
"value": "Assetnote Attack Surface Management"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003e\u003cspan style=\"background-color: rgb(255, 255, 255);\"\u003eServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u003c/span\u003e\u0026nbsp;\u003c/span\u003eServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.\u003cdiv\u003e\u003c/div\u003e"
}
],
"value": "ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.\u00a0ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible."
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "NONE",
"attackVector": "NETWORK",
"baseScore": 9.3,
"baseSeverity": "CRITICAL",
"privilegesRequired": "NONE",
"providerUrgency": "NOT_DEFINED",
"subAvailabilityImpact": "NONE",
"subConfidentialityImpact": "NONE",
"subIntegrityImpact": "NONE",
"userInteraction": "NONE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"version": "4.0",
"vulnAvailabilityImpact": "HIGH",
"vulnConfidentialityImpact": "HIGH",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-1287",
"description": "CWE-1287 Improper Validation of Specified Type of Input",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-10T17:21:44.015Z",
"orgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"shortName": "SN"
},
"references": [
{
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1645154"
},
{
"tags": [
"x_login-required"
],
"url": "https://support.servicenow.com/kb?id=kb_article_view\u0026sysparm_article=KB1644293"
},
{
"url": "https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Jelly Template Injection Vulnerability in ServiceNow UI Macros",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "303448ea-6ef3-4077-ad29-5c9bf253c375",
"assignerShortName": "SN",
"cveId": "CVE-2024-4879",
"datePublished": "2024-07-10T16:16:39.926Z",
"dateReserved": "2024-05-14T17:39:41.655Z",
"dateUpdated": "2024-08-01T20:55:10.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}