CVE Radar Logo
CVERadar
CVE Radar Logo
CVERadar

CVE-2024-5217

Critical Severity
Servicenow
SVRS
84/100
CVSSv3
9.8/10
EPSS
0.94196/1

CVE-2024-5217 is a critical remote code execution vulnerability affecting ServiceNow platforms. This flaw allows unauthenticated attackers to execute code remotely, posing a significant threat.

ServiceNow patched an input validation vulnerability in Washington DC, Vancouver, and earlier Now Platform releases. The SOCRadar Vulnerability Risk Score (SVRS) is 84, indicating a critical vulnerability requiring immediate attention. Given the active exploits and its presence in the CISA KEV catalog, patching is paramount. Failure to patch exposes the Now Platform to complete compromise, data breaches and significant service disruption. This vulnerability highlights the importance of diligent patch management, as its exploitation can lead to severe security incidents.

TAGS
In The Wild
Exploit Avaliable
CISA KEV
VECTOR STRING
CVSS:3.1
AV:N
AC:L
PR:N
UI:N
S:U
C:H
I:H
A:H
PUBLICATION DATE2024-07-10
LAST MODIFIED2024-07-30

Indicators of Compromise

No IOCs found for this CVE

Exploits

TitleSoftware LinkDate
ServiceNow Incomplete List of Disallowed Inputs Vulnerabilityhttps://www.cisa.gov/search?g=CVE-2024-52172024-07-29
Enhance Your CVE Management with SOCRadar Vulnerability Intelligence
Get comprehensive CVE details, real-time notifications, and proactive threat management all in one platform.
CREATE FREE ACCOUNT
CVE Details
Access comprehensive CVE information instantly
Real-time Tracking
Subscribe to CVEs and get instant updates
Exploit Analysis
Monitor related APT groups and threats
IOC Tracking
Analyze and track CVE-related IOCs

News

ServiceNow Vulnerabilities: CVE-2024-4789 and CVE-2024-5217 | UpGuard
2025-01-17
ServiceNow Vulnerabilities: CVE-2024-4789 and CVE-2024-5217 | UpGuard | Learn about two critical vulnerabilities affecting the ServiceNow platform (CVE-2024-4789 and CVE-2024-5217) and how UpGuard can help.
upguard.com
rss
forum
news
CVE-2024-5217 | ServiceNow Now Platform incomplete blacklist (KB1648313)
vuldb.com2025-03-19
CVE-2024-5217 | ServiceNow Now Platform incomplete blacklist (KB1648313) | A vulnerability classified as critical has been found in ServiceNow Now Platform. Affected is an unknown function. The manipulation leads to incomplete blacklist. This vulnerability is traded as CVE-2024-5217. It is possible to launch the attack remotely. Furthermore, there is an exploit available. It is recommended to apply a patch to fix this issue.
vuldb.com
rss
forum
news
Patch Now: ServiceNow Critical RCE Bugs Under Active Exploit - Dark Reading
2024-07-29
Patch Now: ServiceNow Critical RCE Bugs Under Active Exploit - Dark Reading | News Content: A threat actor on BreachForums is claiming to have harvested email addresses and associated hashes from more than 105 ServiceNow databases after exploiting two recently disclosed critical vulnerabilities in the cloud-based IT service management platform. Researchers from Resecurity's HUNTER threat team warned late last week that the two ServiceNow vulnerabilities (CVE-2024-4879, CVSS score of 9.3 out of 10; and CVE-2024-5217, CVSS score of 9.2) were being actively exploited in the wild, and said they saw the BreachForums member putting the data
google.com
rss
forum
news
Critical ServiceNow RCE flaws actively exploited to steal credentials - BleepingComputer
2024-07-25
Critical ServiceNow RCE flaws actively exploited to steal credentials - BleepingComputer | News Content: Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks. This malicious activity was reported by Resecurity, which, after monitoring it for a week, identified multiple victims, including government agencies, data centers, energy providers, and software development firms. Although the vendor released security updates for the flaws on July 10, 2024, tens of thousands of systems potentially remain vulnerable to attacks. Exploitation details ServiceNow is a cloud-based platform that helps organizations manage digital workflows for
google.com
rss
forum
news
29th July – Threat Intelligence Report
urias2024-07-29
29th July – Threat Intelligence Report | For the latest discoveries in cyber research for the week of 29th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Superior Court of Los Angeles was forced to shut down its network following a ransomware attack. The court, the largest in the United States, has closed all of its 36 courthouse [&#8230;] The post 29th July – Threat Intelligence Report appeared first on Check Point Research<
cve-2024-4879
cve-2024-29073
cve-2024-5178
cve-2024-5217
Tageszusammenfassung - 29.07.2024
CERT.at2024-07-29
Tageszusammenfassung - 29.07.2024 | End-of-Day report Timeframe: Freitag 26-07-2024 18:00 - Montag 29-07-2024 18:00 Handler: Michael Schlagenhaufer Co-Handler: Thomas Pribitzer News Mehr als 3.000 Hotels betroffen: API-Lücke lässt Angreifer Hoteltüren öffnen In vielen Hotels können Gäste heute per Smartphone einchecken und die Türen der gebuchten Zimmer öffnen. Eine API-Schwachstelle zeigt, wie schnell das zum Problem werden kann. https://www.golem.de/news/mehr-als-3-000-hotels-betroffen-api-luecke-laesst-angreifer-hoteltueren-oeffnen-2407-187485.html <
cve-2022-37601
cve-2024-5217
cve-2024-4879
cve-2023-45249
29th July – Threat Intelligence Report - Check Point Research
2024-07-29
29th July – Threat Intelligence Report - Check Point Research | News Content: For the latest discoveries in cyber research for the week of 29th July, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES The Superior Court of Los Angeles was forced to shut down its network following a ransomware attack. The court, the largest in the United States, has closed all of its 36 courthouse locations due to the attack for a few days. No ransomware group has publicly claimed responsibility for the attack. American cybersecurity firm KnowBe4 recently discovered that a newly hired Principal Software Engineer was a North
google.com
rss
forum
news

Social Media

Hackers are increasingly exploiting three year-old ServiceNow vulnerabilities (CVE-2024-4879, CVE-2024-5178, CVE-2024-5217) to target unpatched systems, according to GreyNoise. https://t.co/LZI22X0bBF
0
0
0
The latest update for #UpGuard includes "ServiceNow Vulnerabilities: CVE-2024-4789 and CVE-2024-5217" and "From NIS to NIS2: What Your Organization Needs to Know". #threatdetection #cybersecurity #datasecurity https://t.co/6XYGICvluY
0
0
0
2️⃣ CVE-2024-4879 &amp; CVE-2024-5217 - 🎭 ServiceNow RCE 🎭 In a world where your business operations are just a vulnerability away from chaos, ServiceNow delivers a double feature, allowing unauthenticated remote attackers to execute arbitrary code. 🏰🔑
1
0
0
Sicherheitsforscher habe Angriffs-Kampagnen auf die Now Platform von ServiceNow identifiziert, die drei kritische Sicherheitslücken (CVE-2024-4879, CVE-2024-5217 und CVE-2024-5178) ausnutzen. Die Angriffe laufen global. https://t.co/pV2zOxmU9f
0
0
0
1 - CVE-2024-5217 - ServiceNow, Washington DC, Vancouver, and earlier Now Platform releases - Severity Rating: 9.8 (Critical)
1
0
0
Threat actors have been exploiting three vulnerabilities in ServiceNow to execute code remotely. Two input validation flaws (CVE-2024-4879 and CVE-2024-5217), are rated critical. The third, a sensitive file read issue (CVE-2024-5178), is rated medium severity.
1
0
0
🪲 Three critical vulnerabilities (CVE-2024-4879, CVE-2024-5217, CVE-2024-5178) in ServiceNow’s Now Platform could lead to severe consequences like remote code execution (RCE) and unauthorized access to the database.
1
0
0
A widespread campaign exploiting critical vulnerabilities in #ServiceNow, a popular platform for digital workflows. CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178 allowed unauthenticated attackers to execute code remotely and steal sensitive data https://t.co/0he1qNnVgU
0
0
0
The latest update for #ArcticWolf includes "CVE-2024-4879, CVE-2024-5178, CVE-2024-5217: ServiceNow MID Server Vulnerabilities Resulting in Unauthorized Code Execution" and "How To Stop MFA Fatigue Attacks". #cybersecurity #infosec #networks https://t.co/yhyVljouXr
0
0
0
#ServiceNow, a widely used platform for business transformation, has recently disclosed three critical security vulnerabilities CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, affect various versions of the Now Platform https://t.co/l2kpBYZLms
0
0
0

Affected Software

Configuration 1
TypeVendorProduct
AppServicenowservicenow

References

ReferenceLink
[email protected]https://support.servicenow.com/kb?id=kb_article_view&amp;sysparm_article=KB1644293
[email protected]https://support.servicenow.com/kb?id=kb_article_view&amp;sysparm_article=KB1648313
[email protected]https://support.servicenow.com/kb?id=kb_article_view&amp;sysparm_article=KB1644293
[email protected]https://support.servicenow.com/kb?id=kb_article_view&amp;sysparm_article=KB1648313
[email protected]https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit
GITHUBhttps://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit

CWE Details

CWE IDCWE NameDescription
CWE-184Incomplete List of Disallowed InputsThe product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are not allowed by policy or otherwise require other action to neutralize before additional processing takes place, but the list is incomplete, leading to resultant weaknesses.
CWE-697Incorrect ComparisonThe software compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

CVE Radar

Real-time CVE Intelligence & Vulnerability Management Platform

CVE Radar provides comprehensive vulnerability intelligence by monitoring CVE databases, security advisories, and threat feeds. Get instant updates on new vulnerabilities, exploit details, and mitigation strategies specific to your assets.

Get Free Vulnerability Intelligence AccessAccess real-time CVE monitoring, exploit analysis, and threat intelligence