ServiceNow Vulnerability Chain [CVE-2024-4879, CVE-2024-5217, & CVE-2024-5178]

Ingrid

ServiceNow MID Server, which serves as a proxy and enables communication between a ServiceNow instance and external applications and data sources, has the following vulnerabilities:

| CVE ID | Description | Severity |
|---|---|---|
| CVE-2024-4879 | A template injection vulnerability in the Apache Jelly implementation of ServiceNow. | CVSS 9.3 |
| CVE-2024-5217 | Provides access to data stored in ServiceNow. | CVSS 9.2 |
| CVE-2024-5178 | Allows attackers to elevate their permissions and gain admin access. | CVSS 6.9 |

ServiceNow MID Server, which is generally designed to be deployed behind a corporate firewall, is the impacted component. This reduces the potential exposure space on the public Internet. However, thousands of ServiceNow instances are visible to internet scanners.

Risks

When these vulnerabilities are chained together, they can lead to remote code execution.

What To Do

Search for the “ServiceNow” product in Bitsight for 4th Party to identify organizations that are using ServiceNow. While the associated assets in 4th party are affiliated with ServiceNow, they may not be the specific MID Server system which is impacted by the vulnerability.

Refer to the ServiceNow security advisory to patch these vulnerabilities.

Resources

IDG Communications, Inc., “Critical ServiceNow vulnerabilities expose businesses to data breaches”

ServiceNow, “CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow UI Macros”

August 2, 2024: Published.