U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-5178

Change History

New CVE Received by NIST 7/10/2024 1:15:12 PM

Action Type Old Value New Value
Added CVSS V4.0

								
							
							
						
ServiceNow CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Added CWE

								
							
							
						
ServiceNow CWE-184
Added Description

								
							
							
						
ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability is addressed in the listed patches and hot fixes, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
Added Reference

								
							
							
						
ServiceNow https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293 [No types assigned]
Added Reference

								
							
							
						
ServiceNow https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648312 [No types assigned]