PT-2024-35129 · Servicenow · Servicenow

Adam Kues

Published

2024-07-10

Updated

2025-03-21

CVE-2024-5217

CVSS v2.0

Critical

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions ServiceNow versions prior to the June 2024 patching cycle

Description The issue is related to an input validation vulnerability that could enable an unauthenticated user to remotely execute code within the context of the Now Platform. This vulnerability was identified in the Washington DC, Vancouver, and earlier Now Platform releases.

Recommendations Apply security patches relevant to your instance as soon as possible, specifically those released during the June 2024 patching cycle.

Fix

Incomplete List of Disallowed Inputs

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-697CWE-184

Related Identifiers

BDU:2025-07203

CVE-2024-5217

Affected Products

Servicenow

PT-2024-35129 · Servicenow · Servicenow

CVE-2024-5217

Weakness Enumeration

Related Identifiers

Affected Products

References · 32