ServiceNow has recently patched two critical vulnerabilities, CVE-2024-8923 and CVE-2024-8924, in its Now platform. These vulnerabilities posed serious threats to organizations, as they could potentially allow unauthorized remote access to the platform, resulting in the exposure of sensitive information and the compromise of system integrity. At the moment, there are no known public exploits for these vulnerabilities, but organizations using ServiceNow should prioritize applying these updates to mitigate potential risks.
| Product | ServiceNow |
| Date | 2024-11-04 09:44:59 |
| Information |
|
Technical Summary
CVE-2024-8923 is a vulnerability characterized by an input validation flaw within ServiceNow’s Now platform, with a critical CVSS score of 9.8. This flaw could allow unauthenticated users to execute arbitrary code remotely. ServiceNow has indicated that this vulnerability “could potentially allow an unauthenticated user to execute remote code within the context of the Now Platform.” Organizations are urged to apply the necessary patches immediately to mitigate this risk.
Recommendations
It is strongly recommended that users promptly apply the security patches released by ServiceNow during the August and October 2024 update cycles in order to mitigate the risks associated with these critical vulnerabilities.
[Callforaction-THREAT-Footer]
