CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Aug 19, 2024

CVE-2024-5217

High

EPSS 94.1%CISA KEV

ServiceNow/Utah, Vancouver, and Washington DC Now Platform

Description

ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.

EPSS — Exploit Probability

94.1%

Higher than 99.9% of all CVEs

Required Action

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313; https://nvd.nist.gov/vuln/detail/CVE-2024-5217

Risk Assessment

HIGH

In CISA KEV

High EPSS

Details

Severity: High
EPSS: 94.1%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Jul 29, 2024

Added to KEV

Jul 29, 2024

Remediation Due

Aug 19, 2024

Affected Product

ServiceNow

Utah, Vancouver, and Washington DC Now Platform

View all ServiceNow CVEs

External Links

NVD (NIST)CVE Details MITRE CVE