Overview
- Description: ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
- Source: psirt@servicenow.com
- NVD status: Analyzed
Risk scores
CVSS 4.0
- Type: Secondary
- Base score: 8.7
- Impact score: -
- Exploitability score: -
- Vector string: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
- Severity: HIGH
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity: HIGH
Social media
- Hype score: Not currently trending
Hot topic! CVE-2024-8924 - Unauthenticated Blind SQL Injection in Core Platform https://t.co/LCtHrs59mx
@rickcable
31 Oct 2024
ServiceNow fixes CVE-2024-8923 and CVE-2024-8924 #ServiceNow #CVE-2024-8924 #CVE-2024-8923 https://t.co/ExNvzAUbz9
@pravin_karthik
31 Oct 2024
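ServiceNow has fixed a critical sandbox escape vulnerability. CVE-2024-8923 has a CVSS score of 9.8 and, due to insufficient input validation, allows an unauthenticated attacker to remotely execute arbitrary code. CVE-2024-8924, a blind SQL injection with a CVSS score of 7.5, has also been fixed. https://t.co/KgDildyCLO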
@__kokumoto
31 Oct 2024
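ServiceNow has published two CVEs. They concern vulnerabilities allowing remote code execution by an unauthenticated user (CVE-2024-8923) and blind SQL injection (CVE-2024-8924). Their CVSS scores are 9.3 (CRITICAL) and 8.7 (HIGH), respectively. Please check the status of your security patch deployment.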
@mio_yokohama
30 Oct 2024
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9DB67FCA-6127-486F-A866-3D5E63B81C35" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9132AB29-33C1-4825-BAD4-2804C26316B1" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E8FCCFB6-DB7E-4DED-A7E0-1C03087754F5" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CFD4017-5B8E-4CAF-B9E5-4A675C11F01A" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A74A3197-68F7-4303-A731-B87A8BF3F831" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5F6A6F12-4D7A-4FD3-8FD6-C32D797BB810" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "847F9124-F3C6-4C93-9E80-544CB0580C8C" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81880B84-5E9D-4B7F-B1D5-1BF8D25DAF5D" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A58603E3-5AFC-4606-8F9E-1B4FF9A9B843" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6CDFB167-F252-46A6-A5F6-EF9A4F93FC03" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43DE243B-E90A-4857-A3A6-3A045FE2D75F" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": 
"33689F99-48DD-47C6-AFAC-DC5D10785860" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2b:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F664F1F-5FB2-48B1-93C7-5DF415E673B7" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C641B881-7379-448A-A785-3381C72F8353" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:vancouver:ptach_7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ABC2CDB-4483-498A-9306-7A57DACE2214" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FFAC3BF9-2443-4C43-B67A-2BB99297D295" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "444DD275-789F-4C07-9D98-BBFAA1640DB3" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1DA447CA-A6A2-436C-9909-3F0419B7DD6F" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D18E2CD1-AC8E-4ABF-88DE-D3E61A297ED1" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6137BB81-6B48-4DCB-A9F6-A27D869C12FC" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_2a:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E038E7CE-F29B-4684-A20A-BD564C2F72D0" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CD5A918-9B71-4CFD-A6DB-437D3B647C6A" }, { "criteria": "cpe:2.3:a:servicenow:servicenow:xanadu:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7680E7D1-4508-4A4F-99B9-D7690052F185" } ], "operator": "OR" } ] } ]