THREATINT
PUBLISHED

CVE-2024-8924

Unauthenticated Blind SQL Injection in Core Platform



Assigner: SN
Reserved: 2024-09-16
Published: 2024-10-29
Updated: 2024-10-31

Description

ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.



HIGH: 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
HIGH: 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Product status

Default status: unaffected

Any version before Utah Patch 10b Hot Fix 3: affected
Any version before Vancouver Patch 8 Hot Fix 5: affected
Any version before Vancouver Patch 9 Hot Fix 3b: affected
Any version before Vancouver Patch 10 Hot Fix 2: affected
Any version before Washington DC Patch 4 Hot Fix 2b: affected
Any version before Washington DC Patch 5 Hot Fix 6: affected
Any version before Washington DC Patch 6 Hot Fix 1: affected
Any version before Washington DC Patch 7: affected
Any version before Xanadu Patch 1: affected

Credits

T-Mobile (finder)

References

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706072

cve.org CVE-2024-8924

nvd.nist.gov CVE-2024-8924
