CVE-2024-4879— ServiceNow 安全漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2024-4879の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Jelly Template Injection Vulnerability in ServiceNow UI Macros
ソース: NVD (National Vulnerability Database)
脆弱性説明
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
CWE-1287
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
ServiceNow 安全漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
ServiceNow是美国ServiceNow公司的一个云计算平台。以帮助公司管理企业运营的数字工作流程。 ServiceNow存在安全漏洞。攻击者利用该漏洞可以在 Now Platform 环境中远程执行代码。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| ServiceNow | Now Platform | 0 ~ Utah Patch 10 Hot Fix 3 | - |
II. CVE-2024-4879の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|---|---|---|
| 1 | CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow | https://github.com/Brut-Security/CVE-2024-4879 | POC詳細 |
| 2 | Bulk scanning tool for ServiceNow CVE-2024-4879 vulnerability | https://github.com/bigb0x/CVE-2024-4879 | POC詳細 |
| 3 | None | https://github.com/Mr-r00t11/CVE-2024-4879 | POC詳細 |
| 4 | None | https://github.com/zgimszhd61/CVE-2024-4879 | POC詳細 |
| 5 | None | https://github.com/ShadowByte1/CVE-2024-4879 | POC詳細 |
| 6 | Exploit for CVE-2024-4879 affecting Vancouver, Washington DC Now and Utah Platform releases | https://github.com/Praison001/CVE-2024-4879-ServiceNow | POC詳細 |
| 7 | CVE-2024-4879 & CVE-2024-5217 ServiceNow RCE Scanning Using Nuclei & Shodan Dork to find it. | https://github.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning | POC詳細 |
| 8 | Python script designed to detect specific vulnerabilities in ServiceNow instances and dump database connection details if the vulnerability is found. This tool is particularly useful for security researchers and penetration testers. | https://github.com/jdusane/CVE-2024-4879 | POC詳細 |
| 9 | Jelly Template Injection Vulnerability in ServiceNow | POC CVE-2024-4879 | https://github.com/fa-rrel/CVE-2024-4879 | POC詳細 |
| 10 | None | https://github.com/0xWhoami35/CVE-2024-4879 | POC詳細 |
| 11 | Jelly Template Injection Vulnerability in ServiceNow | POC CVE-2024-4879 | https://github.com/gh-ost00/CVE-2024-4879 | POC詳細 |
| 12 | ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-4879.yaml | POC詳細 |
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2024-4879のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · ServiceNow · 2024-07-10 · 3 CVEs total
| CVE-2024-5217 | 9.8 CRITICAL | Incomplete Input Validation in GlideExpression Script |
| CVE-2024-5178 | 4.9 MEDIUM | Incomplete Input Validation in SecurelyAccess API |
IV. 関連脆弱性
同じベンダー: ServiceNow
- CVE-2026-0542
Remote Code Execution in ServiceNow AI Platform - CVE-2025-12420
Unauthenticated Privilege Escalation in ServiceNow AI Platfo - CVE-2025-11449
Reflected Cross Site Scripting in ServiceNow AI Platform - CVE-2025-11450
Reflected Cross Site Scripting in ServiceNow AI Platform - CVE-2025-3089
Broken Access Control in ServiceNow AI Platform
同じ弱点: CWE-1287
- CVE-2026-33806
fastify vulnerable to Body Schema Validation Bypass via Lead - CVE-2019-25596
SpotAuditor 5.2.6 Name Field Denial of Service - CVE-2026-2092
Keycloak-services: keycloak: unauthorized access via imprope - CVE-2026-2454
DoS in Calls plugin via malformed msgpack in websocket reque - CVE-2026-25783
Denial of service via malformed User-Agent header in getBrow
V. CVE-2024-4879へのコメント
まだコメントはありません