CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2024-5217	High	94.1%	ServiceNowUtah, Vancouver, and Washington DC Now Platform	ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.	Jul 29, 2024	KEV
CVE-2024-4879	High	94.3%	ServiceNowUtah, Vancouver, and Washington DC Now Platform	ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.	Jul 29, 2024	KEV

CVE-2024-5217KEV

High

ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.

ServiceNowEPSS 94.1%

CVE-2024-4879KEV

High

ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.

ServiceNowEPSS 94.3%