CVE-2024-4879
EUVD-2024-4445110.07.2024, 17:15
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.Enginsight
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
| Vendor | Product | Version | Source |
|---|---|---|---|
| servicenow | servicenow | 𝑥 < utah_patch_10_hot_fix_3 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10a_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_6_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_7_hot_fix_3b | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_8_hot_fix_4 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_9 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_10 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_1_hot_fix_2b | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_2_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_3_hot_fix_1 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_4 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10_hot_fix_3 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10a_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_6_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_7_hot_fix_3b | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_8_hot_fix_4 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_9 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_10 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_1_hot_fix_2b | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_2_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_3_hot_fix_1 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_4 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10_hot_fix_3 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10a_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_6_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_7_hot_fix_3b | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_8_hot_fix_4 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_9 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_10 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_1_hot_fix_2b | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_2_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_3_hot_fix_1 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_4 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10_hot_fix_3 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10a_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_6_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_7_hot_fix_3b | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_8_hot_fix_4 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_9 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_10 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_1_hot_fix_2b | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_2_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_3_hot_fix_1 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_4 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10_hot_fix_3 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10a_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_6_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_7_hot_fix_3b | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_8_hot_fix_4 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_9 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_10 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_1_hot_fix_2b | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_2_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_3_hot_fix_1 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_4 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10_hot_fix_3 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10a_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_6_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_7_hot_fix_3b | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_8_hot_fix_4 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_9 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_10 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_1_hot_fix_2b | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_2_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_3_hot_fix_1 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_4 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10_hot_fix_3 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10a_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_6_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_7_hot_fix_3b | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_8_hot_fix_4 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_9 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_10 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_1_hot_fix_2b | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_2_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_3_hot_fix_1 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_4 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10_hot_fix_3 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10a_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_6_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_7_hot_fix_3b | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_8_hot_fix_4 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_9 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_10 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_1_hot_fix_2b | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_2_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_3_hot_fix_1 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_4 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10_hot_fix_3 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10a_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_6_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_7_hot_fix_3b | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_8_hot_fix_4 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_9 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_10 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_1_hot_fix_2b | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_2_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_3_hot_fix_1 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_4 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10_hot_fix_3 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10a_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_6_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_7_hot_fix_3b | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_8_hot_fix_4 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_9 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_10 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_1_hot_fix_2b | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_2_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_3_hot_fix_1 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_4 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10_hot_fix_3 | ADP |
| servicenow | servicenow | 𝑥 < utah_patch_10a_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_6_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_7_hot_fix_3b | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_8_hot_fix_4 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_9 | ADP |
| servicenow | servicenow | 𝑥 < vancouver_patch_10 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_1_hot_fix_2b | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_2_hot_fix_2 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_3_hot_fix_1 | ADP |
| servicenow | servicenow | 𝑥 < washington_dc_patch_4 | ADP |
Common Weakness Enumeration
References