CVE-2024-8923

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-8923

9.8 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

S

erviceNow has addressed an input validation vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow deployed an update to hosted instances and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.

References
Link Resource
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:servicenow:servicenow:xanadu:early_availability:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:xanadu:early_availability_hotfix_1:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:early_availability:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:early_availability_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_3b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:early_availability:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:early_availability_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:early_availability_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_5_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_9:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2:*:*:*:*:*:*
History

27 Nov 2024, 19:31

Type Values Removed Values Added
CPE cpe:2.3:a:servicenow:servicenow:vancouver:ptach_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:xanadu:-:*:*:*:*:*:*		 cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:early_availability:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:early_availability:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_3b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:xanadu:early_availability:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_5_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:early_availability_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:early_availability_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:early_availability_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:xanadu:early_availability_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_9:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_4:*:*:*:*:*:*

07 Nov 2024, 17:18

Type Values Removed Values Added
First Time Servicenow
Servicenow servicenow
References () https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070 - () https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706070 - Vendor Advisory
CPE cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:ptach_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:xanadu:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*

01 Nov 2024, 12:57

Type Values Removed Values Added
Summary
  • (es) ServiceNow ha solucionado una vulnerabilidad de validación de entrada que se identificó en Now Platform. Esta vulnerabilidad podría permitir que un usuario no autenticado ejecute código de forma remota dentro del contexto de Now Platform. ServiceNow implementó una actualización en las instancias alojadas y proporcionó la actualización a nuestros socios y clientes alojados por ellos mismos. Además, la vulnerabilidad se soluciona en los parches y correcciones urgentes que se indican.

29 Oct 2024, 17:15

Type Values Removed Values Added
CWE CWE-94

29 Oct 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-10-29 16:15

Updated : 2024-11-27 19:31

NVD link : CVE-2024-8923

Mitre link : CVE-2024-8923

CVE.ORG link : CVE-2024-8923

JSON object : View

Products Affected

servicenow

CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')