PT-2024-34905 · Servicenow · Servicenow
Adam Kues
·
Published
2024-07-10
·
Updated
2025-03-21
·
CVE-2024-5178
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
ServiceNow versions prior to the June 2024 patching cycle
Description
A sensitive file read issue was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This could allow an administrative user to gain unauthorized access to sensitive files on the web application server.
Recommendations
Apply security patches relevant to your instance as soon as possible.
Fix
Incomplete List of Disallowed Inputs
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Servicenow