Overview
- Description
- ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
- Source
- psirt@servicenow.com
- NVD status
- Analyzed
Risk scores
CVSS 4.0
- Type
- Secondary
- Base score
- 9.3
- Impact score
- -
- Exploitability score
- -
- Vector string
- CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity
- CRITICAL
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
Social media
- Hype score
- Not currently trending
ServiceNow の脆弱性 CVE-2024-8923/8924 が FIX:サンドボック・エスケープ https://t.co/ZVXDYfC1uC #Cloud #ServiceNow #Vulnerability
@iototsecnews
8 Nov 2024
149 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
2024.11. 2 セキュリティニュース ServiceNowのNow Platformに「緊急」の脆弱性 リモートコード実行のリスク(会員限定) - ITmedia エンタープライズ ServiceNowはNow Platformの重大な脆弱性CVE-2024-8923および8924に対応したパッチを公表した。リモートからの不正アク… https://t.co/ycj0Tf94xV
@kawn2020
3 Nov 2024
32 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 New Alert! Critical #ServiceNow vulnerabilities (CVE-2024-8923) have been identified. If you use the NOW Platform, ensure your systems are protected against unauthorized access. Dive into the details and safeguard your data. 📌 Read More: https://t.co/NBo8ZGESj3… https://t.co
@socradar
1 Nov 2024
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ChatGPTのWeb検索機能ですが、新しい情報を知らない、もしくはハルシネーションを発生するようです。例えばCVE-2024-8923を調べて見ると「知らない」と回答します。 これPerplexityだとちゃんと詳細を説明してくれるのですけどね https://t.co/T03TQ40PNq
@shojiueda
1 Nov 2024
312 Impressions
2 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
ServiceNow fixes CVE-2024-8923 and CVE-2024-8924 #ServiceNow #CVE-2024-8924 #CVE-2024-8923 https://t.co/ExNvzAUbz9
@pravin_karthik
31 Oct 2024
35 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
ServiceNowが重大(Critical)なサンドボックスエスケープの脆弱性を修正。CVE-2024-8923はCVSSスコア9.8で、入力検証の不備により未認証の攻撃者が遠隔から任意のコードを実行可能。CVSSスコア7.5のブラインドSQLインジェクションCVE-2024-8924も修正。 https://t.co/KgDildyCLO
@__kokumoto
31 Oct 2024
1932 Impressions
14 Retweets
19 Likes
2 Bookmarks
0 Replies
0 Quotes
⚠️⚠️ CVE-2024-8923 (CVSS 9.8) ServiceNow Patches Critical Sandbox Escape Vulnerability 🎯129k+ Results are found on the https://t.co/pb16tGYaKe nearly year. 🔗FOFA Link:https://t.co/Ac9iuKbeFq FOFA Query:app="servicenow-Products" 🔖Refer:https://t.co/ucPi7aDH9f #OSINT #FOFA…
@fofabot
31 Oct 2024
1715 Impressions
6 Retweets
19 Likes
10 Bookmarks
0 Replies
0 Quotes
ServiceNowは2つのCVEを公開しました。 認証されていないユーザーによるリモートコード実行(CVE-2024-8923)とブラインドSQLインジェクション(CVE-2024-8924)の脆弱性についてです。 それぞれCVSSスコアが9.3(CRITICAL)と8.7(HIGH)の脆弱性となります。 セキュリティパッチの適用状況をご確認ください。
@mio_yokohama
30 Oct 2024
1017 Impressions
5 Retweets
13 Likes
0 Bookmarks
1 Reply
1 Quote
[CVE-2024-8923: CRITICAL] ServiceNow fixed a critical input validation flaw on their Now Platform that could allow remote code execution by unauthorized users. Updates were deployed to all instances and shared wit...#cybersecurity,#vulnerability https://t.co/9URzln9OxD https://t.
@CveFindCom
29 Oct 2024
7 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9DB67FCA-6127-486F-A866-3D5E63B81C35"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9132AB29-33C1-4825-BAD4-2804C26316B1"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E8FCCFB6-DB7E-4DED-A7E0-1C03087754F5"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix1a:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1596163B-637A-49F9-B01F-C6CC297F7E5B"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A74A3197-68F7-4303-A731-B87A8BF3F831"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F6A6F12-4D7A-4FD3-8FD6-C32D797BB810"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "847F9124-F3C6-4C93-9E80-544CB0580C8C"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "81880B84-5E9D-4B7F-B1D5-1BF8D25DAF5D"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A58603E3-5AFC-4606-8F9E-1B4FF9A9B843"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1a:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6CDFB167-F252-46A6-A5F6-EF9A4F93FC03"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1b:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "43DE243B-E90A-4857-A3A6-3A045FE2D75F"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2a:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "33689F99-48DD-47C6-AFAC-DC5D10785860"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2b:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F664F1F-5FB2-48B1-93C7-5DF415E673B7"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C641B881-7379-448A-A785-3381C72F8353"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:ptach_7:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8ABC2CDB-4483-498A-9306-7A57DACE2214"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FFAC3BF9-2443-4C43-B67A-2BB99297D295"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "444DD275-789F-4C07-9D98-BBFAA1640DB3"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1DA447CA-A6A2-436C-9909-3F0419B7DD6F"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D18E2CD1-AC8E-4ABF-88DE-D3E61A297ED1"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6137BB81-6B48-4DCB-A9F6-A27D869C12FC"
},
{
"criteria": "cpe:2.3:a:servicenow:servicenow:xanadu:-:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7680E7D1-4508-4A4F-99B9-D7690052F185"
}
],
"operator": "OR"
}
]
}
]