More security vulnerabilities?

qster
Kilo Guru

What does this mean to us and how do we take immediate action to fix these issues?

Critical ServiceNow vulnerabilities expose businesses to data breaches | CSO Online

CVE-2024-4879 is related to Authentication Bypass. This flaw lets attackers bypass authentication and access the ServiceNow platform without permission. They can remotely execute code by exploiting this vulnerability.

CVE-2024-5217 pertains to Arbitrary Data Access. This vulnerability lets attackers access and extract any data stored in the ServiceNow system. This includes sensitive information, customer data, and internal communications, posing a serious threat to business operations and data privacy.

The third one, CVE-2024-5178, is related to Privilege Escalation and allows attackers to increase their access level within the ServiceNow system. With elevated permissions, attackers can gain administrative control, making it easier to alter data and system settings.

1 ACCEPTED SOLUTION

J Lander
ServiceNow Employee

These all have hotfixes already. You should check your instance version in /stats.do or Now Support to confirm if you have the appropriate hotfix for your release.

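CVE-2024-4879

| Release | Fixed Version |
| --- | --- |
| Utah | Utah Patch 10 Hot Fix 3 |
| Utah | Utah Patch 10a Hot Fix 2 |
| Vancouver | Vancouver Patch 6 Hot Fix 2 |
| Vancouver | Vancouver Patch 7 Hot Fix 3b |
| Vancouver | Vancouver Patch 8 Hot Fix 4 |
| Vancouver | Vancouver Patch 9 |
| Vancouver | Vancouver Patch 10 |
| Washington | Washington DC Patch 1 Hot Fix 2b |
| Washington | Washington DC Patch 2 Hot Fix 2 |
| Washington | Washington DC Patch 3 Hot Fix 1 |
| Washington | Washington DC Patch 4 |
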
CVE-2024-5217

| Release | Fixed Version |
| --- | --- |
| Utah | Utah Patch 10 Hot Fix 3 |
| Utah | Utah Patch 10a Hot Fix 2 |
| Utah | Utah Patch 10b Hot Fix 1 |
| Vancouver | Vancouver Patch 6 Hot Fix 2 |
| Vancouver | Vancouver Patch 7 Hot Fix 3b |
| Vancouver | Vancouver Patch 8 Hot Fix 4 |
| Vancouver | Vancouver Patch 9 Hot Fix 1 |
| Vancouver | Vancouver Patch 10 |
| Washington | Washington DC Patch 1 Hot Fix 3b |
| Washington | Washington DC Patch 2 Hot Fix 2 |
| Washington | Washington DC Patch 3 Hot Fix 2 |
| Washington | Washington DC Patch 4 |
| Washington | Washington DC Patch 5 |

CVE-2024-5178

| Release | Fixed Version |
| --- | --- |
| Utah | Utah Patch 10 Hot Fix 3 |
| Utah | Utah Patch 10a Hot Fix 2 |
| Utah | Utah Patch 10b Hot Fix 1 |
| Vancouver | Vancouver Patch 6 Hot Fix 2 |
| Vancouver | Vancouver Patch 7 Hot Fix 3b |
| Vancouver | Vancouver Patch 8 Hot Fix 4 |
| Vancouver | Vancouver Patch 9 Hot Fix 1 |
| Vancouver | Vancouver Patch 10 |
| Washington | Washington DC Patch 1 Hot Fix 3b |
| Washington | Washington DC Patch 2 Hot Fix 2 |
| Washington | Washington DC Patch 3 Hot Fix 2 |
| Washington | Washington DC Patch 4 |
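
Added example, not ServiceNow's or the poster's code: a small Python check that compares a version string against the fixed versions listed in the answer above, one CVE at a time, since the same build can be listed for one CVE and not for another. It assumes you type the version in the same wording the lists use (what /stats.do or Now Support shows may be formatted differently), that a letter-suffixed hot fix such as 3b sorts after 3, and the status names are made up for this example.

```python
import re

# Fixed versions copied from the answer above. SHARED appears under all three CVEs.
SHARED = ["Utah Patch 10 Hot Fix 3", "Utah Patch 10a Hot Fix 2",
          "Vancouver Patch 6 Hot Fix 2", "Vancouver Patch 7 Hot Fix 3b",
          "Vancouver Patch 8 Hot Fix 4", "Vancouver Patch 10",
          "Washington DC Patch 2 Hot Fix 2", "Washington DC Patch 4"]
SHARED_5217_5178 = SHARED + ["Utah Patch 10b Hot Fix 1", "Vancouver Patch 9 Hot Fix 1",
                             "Washington DC Patch 1 Hot Fix 3b",
                             "Washington DC Patch 3 Hot Fix 2"]
FIXED = {
    "CVE-2024-4879": SHARED + ["Vancouver Patch 9", "Washington DC Patch 1 Hot Fix 2b",
                               "Washington DC Patch 3 Hot Fix 1"],
    "CVE-2024-5217": SHARED_5217_5178 + ["Washington DC Patch 5"],
    "CVE-2024-5178": SHARED_5217_5178,
}

_PAT = re.compile(
    r"(Utah|Vancouver|Washington DC) Patch (\d+[a-z]?)(?: Hot Fix (\d+)([a-z]?))?")

def parse(version):
    """Split a version string into ((family, patch), (hot fix number, suffix))."""
    m = _PAT.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    family, patch, hf_num, hf_suffix = m.groups()
    # No "Hot Fix" part is treated as hot fix 0 on that patch.
    return (family, patch), (int(hf_num or 0), hf_suffix or "")

def status(version, cve):
    """Compare one version with the fixed versions the page lists for one CVE."""
    line, hotfix = parse(version)
    listed = dict(parse(v) for v in FIXED[cve])  # patch line -> listed hot fix
    if line not in listed:
        return "not-listed"    # page names no fix for this patch; check Now Support
    if hotfix == listed[line]:
        return "listed"        # exactly a fixed version named on the page
    # Assumption: (3, "") sorts before (3, "b"); newer hot fixes are not judged here.
    return "needs-hotfix" if hotfix < listed[line] else "verify"

def report(version):
    """Status of one version for every CVE on the page."""
    return {cve: status(version, cve) for cve in FIXED}

if __name__ == "__main__":
    for v in ("Vancouver Patch 9", "Washington DC Patch 1 Hot Fix 2b"):
        print(v, report(v))
```

A "not-listed" or "verify" result means the page does not answer the question for that build, not that the build is vulnerable or safe.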
