CVE-2024-5217
CRITICAL CISA KEVDescription
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Is your site exposed to CVE-2024-5217?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild.
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
| servicenow | servicenow |
References
Advisories & Patches
Other References
Frequently Asked Questions
What is CVE-2024-5217? +
How severe is CVE-2024-5217? +
What products are affected by CVE-2024-5217? +
How do I check if I'm vulnerable to CVE-2024-5217? +
Related Vulnerabilities
File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior …
Picklescan before 0.0.25 fails to detect unsafe global functions in the Numpy library, allowing attackers to bypass static analysis and …
Kestra is an open-source, event-driven orchestration platform. Prior to 1.0.45 and 1.3.21, AuthenticationFilter in Kestra OSS uses request.getPath().endsWith("/configs") to whitelist …
Wasmtime is a fast and secure runtime for WebAssembly. Wasmtime's filesystem sandbox implementation on Windows blocks access to special device …
Xerte Online Toolkits versions 3.15 and earlier contain an incomplete input validation vulnerability in the elFinder connector endpoint that fails …
picklescan before 1.0.4 contains an incomplete blocklist for the profile module that fails to block the module-level profile.run() function, allowing …