vulnerability
ServiceNow: CVE-2024-5217: Incomplete List of Disallowed Inputs Vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | Jul 10, 2024 | Jul 9, 2025 | Jul 9, 2025 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
Jul 10, 2024
Added
Jul 9, 2025
Modified
Jul 9, 2025
Description
ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.
Solution
servicenow-upgrade-latest
References
- CVE-2024-5217
- https://attackerkb.com/topics/CVE-2024-5217
- URL-https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data
- URL-https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293
- URL-https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313
- URL-https://nvd.nist.gov/vuln/detail/CVE-2024-5217
- CWE-697
- CWE-184
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.