CVE-2024-8923
published 2024-10-29CVE-2024-8923: ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to…
PriorityP264critical10CVSS 3.1
AVNACLPRNUINSCCHIHAH
EPSS
1.11%
61.7th percentile
ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| servicenow | now_platform | < Vancouver Patch 9 Hot Fix 2a | Vancouver Patch 9 Hot Fix 2a |
| servicenow | now_platform | < Vancouver Patch 10 | Vancouver Patch 10 |
| servicenow | now_platform | < Washington DC Patch 4 Hot Fix 1a | Washington DC Patch 4 Hot Fix 1a |
| servicenow | now_platform | < Washington DC Patch 5 | Washington DC Patch 5 |
| servicenow | now_platform | < Xanadu GA Release | Xanadu GA Release |
| servicenow | servicenow | — | — |
| servicenow | servicenow | — | — |
| servicenow | servicenow | — | — |
CVSS provenance
nvdv3.110.0CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
nvdv4.09.3CRITICALCVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2024-10-29
Published