ServiceNow MID Server, which serves as a proxy and enables communication between a ServiceNow instance and external applications and data sources, has the following vulnerabilities:
| CVE ID | Description | Severity |
|---|---|---|
| CVE-2024-4879 | A template injection vulnerability in the Apache Jelly implementation of ServiceNow. | CVSS 9.3 |
| CVE-2024-5217 | Provides access to data stored in ServiceNow. | CVSS 9.2 |
| CVE-2024-5178 | Allows attackers to elevate their permissions and gain admin access. | CVSS 6.9 |
ServiceNow MID Server, which is generally designed to be deployed behind a corporate firewall, is the impacted component. This reduces the potential exposure space on the public Internet. However, thousands of ServiceNow instances are visible to internet scanners.
Risks
When these vulnerabilities are chained together, they can lead to remote code execution.
What To Do
Search for the “ServiceNow” product in Bitsight for 4th Party to identify organizations that are using ServiceNow.
While the associated assets in 4th party are affiliated with ServiceNow, they may not be the specific MID Server system which is impacted by the vulnerability.
Refer to the ServiceNow security advisory to patch these vulnerabilities.
Resources
- IDG Communications, Inc., “Critical ServiceNow vulnerabilities expose businesses to data breaches”
- ServiceNow, “CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow UI Macros”
- August 2, 2024: Published.
Feedback
0 comments
Please sign in to leave a comment.