SOCRadar® Cyber Intelligence Inc. | ServiceNow Now Platform Vulnerabilities Enable RCE and SQL Injection Risks (CVE-2024-8923, CVE-2024-8924) – Patch Now
Table Of Content
Home

Resources

Blog
Nov 01, 2024
4 Mins Read

ServiceNow Now Platform Vulnerabilities Enable RCE and SQL Injection Risks (CVE-2024-8923, CVE-2024-8924) – Patch Now

ServiceNow’s Now Platform, known for its AI-driven tools that help business processes and increase productivity, recently encountered two critical vulnerabilities. These newly disclosed flaws (CVE-2024-8923 and CVE-2024-8924) pose serious risks to organizations across industries by potentially allowing unauthorized access and exposing sensitive data.

The Now Platform acts as the backbone for ServiceNow’s suite of products, providing a secure, cloud-based environment where organizations manage workflows and automate key functions. Its versatility and broad adoption have made it essential to business operations globally, but they also make it a prime target for cyber threats.

Details of the Now Platform Vulnerabilities CVE-2024-8923 & CVE-2024-8924

Below are the details of the two ServiceNow vulnerabilities, CVE-2024-8923 and CVE-2024-8924, along with the specific risks they present to organizations.

CVE-2024-8923 (CVSS 9.8):

The first vulnerability, CVE-2024-8923, is a critical Sandbox Escape issue affecting the Now Platform. This flaw arises from an input validation error in the Now Platform, which could allow unauthenticated users to perform Remote Code Execution (RCE).

By exploiting this flaw, attackers could potentially gain unauthorized access and control within the context of the platform, posing a risk of data exposure and compromising platform integrity.

CVE-2024-8923 is known to affect releases prior to Xanadu General Availability.

Vulnerability card of CVE-2024-8923 (SOCRadar Vulnerability Intelligence)

Vulnerability card of CVE-2024-8923 (SOCRadar Vulnerability Intelligence)

CVE-2024-8924 (CVSS: 7.5):

This second vulnerability is a blind SQL injection flaw. While not as severe as CVE-2024-8923, it remains a critical concern, particularly for organizations with sensitive data at risk of unauthorized access.

CVE-2024-8924 could allow attackers to retrieve unauthorized data by exploiting input fields within the Now Platform. This flaw can potentially expose confidential data, creating risks for organizational data integrity and confidentiality.

CVE-2024-8924 affects Xanadu, Washington DC, and earlier Now Platform releases.

Potential Exposure

A search on FOFA reveals that over 130,000 ServiceNow instances are exposed online, with more than 90,000 based in the United States. This extensive exposure highlights how critical it is for organizations to promptly apply security patches to address vulnerabilities like CVE-2024-8923 and CVE-2024-8924.

Results for ServiceNow products on FOFA

Results for ServiceNow products on FOFA

Given ServiceNow’s Now Platform’s role in automating essential business functions, unpatched instances present a heightened risk, potentially allowing unauthorized access to sensitive data and critical systems.

ServiceNow’s Disclosure and Patch Updates

On October 29, 2024, ServiceNow disclosed the new flaws CVE-2024-8923 and CVE-2024-8924 through its advisories, stating that they were addressed in patch releases during August and October 2024, respectively. The company strongly encourages organizations to apply the security patches if they have not yet done so.

For further details on the updates and fixed versions, see ServiceNow’s advisories: KB1706070 and KB1706072.

Prevent Exploitation, Monitor Your Vulnerabilities with SOCRadar

Recent history has shown how unpatched ServiceNow vulnerabilities can lead to serious security incidents. In July 2024, attackers leveraged vulnerabilities CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, specifically targeting the ServiceNow MID Server component.

Consistent patching, along with continuous vulnerability monitoring, can significantly reduce exposure to threats. SOCRadar’s Vulnerability Intelligence and Attack Surface Management (ASM) modules support these efforts by providing timely alerts on emerging vulnerabilities, and delivering insights into potential risks threatening your assets. Here are some key features of the SOCRadar XTI platform:

  • Asset Discovery for a complete view of your exposure
  • Continuous Monitoring of internet-facing assets
  • Real-Time Alerts for critical vulnerabilities and security issues
  • Risk-Based Prioritization to tackle high-impact threats
  • Exploitability Insights on active threats
  • Dark Web Monitoring for alerts on leaked exploits and vulnerability chatter
SOCRadar’s Vulnerability Intelligence module page

SOCRadar’s Vulnerability Intelligence module page

With SOCRadar XTI, your organization can maintain a proactive stance, detecting and mitigating vulnerabilities before they become exploitable risks.

Related Articles
SOCRadar® Cyber Intelligence Inc. | NodeStealer’s Evolution: A Growing Threat to Facebook Accounts and Beyond
NodeStealer’s Evolution: A Growing Threat to Facebook Accounts and Beyond
Nov 22, 2024
SOCRadar® Cyber Intelligence Inc. | Financial Software Company Finastra Investigates Recent Security Incident
Financial Software Company Finastra Investigates Recent Security Incident
Nov 21, 2024
SOCRadar® Cyber Intelligence Inc. | Privilege Escalation Risks in ‘needrestart’ Utility Threaten Linux Systems; OSS-Fuzz Finds 26 Hidden Flaws
Privilege Escalation Risks in ‘needrestart’ Utility Threaten Linux Systems; OSS-Fuzz Finds 26 Hidden Flaws
Nov 21, 2024
SOCRadar® Cyber Intelligence Inc. | Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities
Apple, Oracle, and Apache Issue Critical Updates for Actively Exploited and High-Risk Vulnerabilities
Nov 20, 2024
SOCRadar® Cyber Intelligence Inc. | Exploited PAN-OS Zero-Days Threaten Thousands of Firewalls (CVE-2024-0012 and CVE-2024-9474)
Exploited PAN-OS Zero-Days Threaten Thousands of Firewalls (CVE-2024-0012 and CVE-2024-9474)
Nov 19, 2024