COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2024-5217

CVE-2024-5217

Severity
high · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2024-07-29
Reference
https://nvd.nist.gov/vuln/detail/CVE-2024-5217
⌖ exploited in the wild shame 50/100 exploited-in-wild

ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.

Players implicated

ServiceNow · vendorUtah, Vancouver, and Washington DC Now Platform · product

Description

ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.

Affected FedRAMP products 1 in the catalog

ProductProviderStatusMatch
Government Community Cloud ServiceNow Authorized vendor-exact · 0.90