PT-2024-33224 · ServiceNow · ServiceNow
Adam Kues · Published 2024-07-10 · Updated 2025-03-21 · CVE-2024-4879
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
ServiceNow versions prior to the updated versions that include the security patches for the Vancouver and Washington DC Now Platform releases
Description
The issue is an improper input validation vulnerability that could enable an unauthenticated user to remotely execute code within the context of the Now Platform. This vulnerability was identified in the Vancouver and Washington DC Now Platform releases. ServiceNow has applied an update to hosted instances and released the update to partners and self-hosted customers.
Recommendations
Apply the security patches relevant to your instance as soon as possible to address the vulnerability. If you have not done so already, update your instance with the latest patches and hot fixes provided by ServiceNow to prevent remote code execution by unauthenticated users.
Exploit
Fix
Affected Products
ServiceNow