T-Mobile

Name of the Vulnerable Software and Affected Versions: ServiceNow Now Platform (affected versions not specified) Description: The issue is related to a blind SQL injection vulnerability in the Now Platform, which could allow an unauthenticated user to extract unauthorized information. This vulnerability can be exploited by a remote attacker. ServiceNow has addressed this issue by deploying an update to hosted instances and providing the update to partners and self-hosted customers. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** ServiceNow (affected versions not specified) **Description** The issue is related to incorrect code generation management in the Now Platform, which could enable an unauthenticated user to remotely execute code within the context of the Now Platform. It is estimated that over 162k instances are potentially affected. The vulnerability is actively exploited in the wild. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.