cbcvebase.
CVE-2024-8923
published 2024-10-29

Priority: P264 | Severity: critical | CVSS 3.1 score: 10
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS: 1.11% (61.7th percentile)

ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.

Affected

8 ranges
Vendor | Product | Version range | Fixed in
servicenow | now_platform | < Vancouver Patch 9 Hot Fix 2a | Vancouver Patch 9 Hot Fix 2a
servicenow | now_platform | < Vancouver Patch 10 | Vancouver Patch 10
servicenow | now_platform | < Washington DC Patch 4 Hot Fix 1a | Washington DC Patch 4 Hot Fix 1a
servicenow | now_platform | < Washington DC Patch 5 | Washington DC Patch 5
servicenow | now_platform | < Xanadu GA Release | Xanadu GA Release
servicenow | servicenow | |
servicenow | servicenow | |
servicenow | servicenow | |

CVSS provenance

nvd | v3.1 | 10.0 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvd | v4.0 | 9.3 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X