U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-4879

Change History

New CVE Received by NIST 7/10/2024 1:15:12 PM

Action Type Old Value New Value
Added CVSS V4.0

								
							
							
						
ServiceNow CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Added CWE

								
							
							
						
ServiceNow CWE-1287
Added Description

								
							
							
						
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington, D.C. Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Added Reference

								
							
							
						
ServiceNow https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293 [No types assigned]
Added Reference

								
							
							
						
ServiceNow https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154 [No types assigned]