ServiceNow Platform Input Validation (CVE-2024-4879) (Direct Check)

Severity: Critical | Nessus Plugin ID: 214850

Synopsis

A document publishing application is affected by an input validation vulnerability.

Description

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

Solution

Upgrade to the version referenced in the vendor advisory.

See Also

http://www.nessus.org/u?39b95cbb

Plugin Details

Severity: Critical

ID: 214850

File Name: servicenow_cve-2024-4879.nbin

Version: 1.2

Type: remote

Family: CGI abuses

Published: 1/31/2025

Updated: 2/1/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-4879

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:servicenow:servicenow

Required KB Items: installed_sw/ServiceNow Platform

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 7/10/2024

Vulnerability Publication Date: 7/10/2024

CISA Known Exploited Vulnerability Due Dates: 8/19/2024

Reference Information

CVE: CVE-2024-4879

IAVA: 2024-A-0454