CVE-2024-4879 in Now Platforminfo

Summary

by MITRE • 07/10/2024

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington, D.C. Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 08/14/2025

This vulnerability represents a critical remote code execution flaw in ServiceNow's Now Platform that affects both hosted and self-hosted deployments. The issue was discovered in the Vancouver and Washington, D.C. platform releases, indicating it spans multiple version lines and affects a significant portion of ServiceNow's user base. The vulnerability's classification as unauthenticated remote code execution means that attackers can exploit it without requiring valid credentials, making it particularly dangerous as it bypasses traditional authentication mechanisms. This type of vulnerability directly impacts the integrity and confidentiality of enterprise systems that rely on ServiceNow for critical business processes.

The technical flaw stems from insufficient input validation within the platform's processing mechanisms, allowing maliciously crafted inputs to be executed as code within the Now Platform's operational context. This vulnerability falls under the CWE-20 category of "Improper Input Validation" and aligns with ATT&CK technique T1203 "Exploitation for Client Execution" and T1059 "Command and Scripting Interpreter." The vulnerability's exploitation pathway likely involves manipulating input fields or API endpoints that do not properly sanitize user-supplied data before processing. Attackers can leverage this weakness to execute arbitrary commands on the server, potentially gaining full control over the platform and accessing sensitive organizational data.

The operational impact of this vulnerability extends beyond simple data compromise, as it enables attackers to establish persistent access to enterprise systems and potentially move laterally within network environments. Organizations using ServiceNow for critical business operations face significant risk of data breaches, service disruption, and regulatory compliance violations. The vulnerability affects not just individual instances but entire enterprise ecosystems that depend on ServiceNow's integration capabilities, potentially allowing attackers to access interconnected systems through the compromised platform. This type of vulnerability directly impacts service availability, data integrity, and business continuity for organizations relying on the platform for their operational infrastructure.

ServiceNow's response included immediate patching of hosted instances and release of updates to partners and self-hosted customers, demonstrating the severity of the vulnerability. Organizations should prioritize applying the relevant security patches as soon as possible, as the window for exploitation remains open until remediation is complete. The patching process should include thorough testing in staging environments before deployment to production systems to ensure compatibility and prevent unintended service disruptions. Security teams should also implement monitoring for suspicious activities and network traffic patterns that might indicate exploitation attempts. Additionally, organizations should review their access controls and network segmentation to limit potential blast radius if exploitation occurs, as this vulnerability could potentially allow attackers to escalate privileges and access other systems within the organization's infrastructure.

Reservation

05/14/2024

Disclosure

07/10/2024

Moderation

accepted

CPE

ready

Exploit

Download

EPSS

0.99976

KEV

yes

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!