CVE-2024-8923

servicenow vulnerability - servicenow

Critical CVSS Score: 9.8 Published: 2024-10-29

Description

ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.

Affected Systems

Vendor	servicenow
Product	servicenow
Affected Versions	xanadu
CWE ID	CWE-94

Mitigation

Apply the latest security patches from the vendor, restrict network exposure where applicable, and monitor for exploitation attempts.

Fix Instructions

Refer to the vendor advisory and apply the latest security updates. See references for detailed patching instructions.

References

https://support.servicenow.com/kb?id=kb_article_view&sysparm...

Risk Assessment

CVSS: 9.8/10

Exploit Available	Unknown
Patch Available	Yes

Need Help Patching?

Our security team can help assess and remediate this vulnerability in your environment.

Get Help

Stay Ahead of Threats

Subscribe to our vulnerability feed and get instant alerts when new CVEs affect your systems.

Start Monitoring