CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Aug 19, 2024
High
CISA KEVCVE-2024-5217
ServiceNow—Utah, Vancouver, and Washington DC Now Platform
ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.
Required Action
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313; https://nvd.nist.gov/vuln/detail/CVE-2024-5217
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Unknown
- Published
- Jul 29, 2024
- KEV Added
- Jul 29, 2024
- Due Date
- Aug 19, 2024
- Related Articles
- 0
Vendor
ServiceNow
Utah, Vancouver, and Washington DC Now Platform