CVE-2024-8923
9.3
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Summary
ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| ServiceNow | Now Platform | 0 < Vancouver Patch 9 Hot Fix 2a | affected |
| ServiceNow | Now Platform | 0 < Vancouver Patch 10 | affected |
| ServiceNow | Now Platform | 0 < Washington DC Patch 4 Hot Fix 1a | affected |
| ServiceNow | Now Platform | 0 < Washington DC Patch 5 | affected |
| ServiceNow | Now Platform | 0 < Xanadu GA Release | affected |
Weaknesses
- CWE-94: CWE-94 Improper Control of Generation of Code ('Code Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: yes
- Technical Impact: total
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.