Three vulnerabilities [CVE-2024-4879, CVE-2024-5217, & CVE-2024-5178] in ServiceNow were disclosed and added to the CISA Known Exploited Vulnerabilities (KEV) list on July 29. When chained together, they can lead to remote code execution.
ServiceNow MID Server, which is generally designed to be deployed behind a corporate firewall, is the impacted component. This reduces the potential exposure space on the public Internet. However, thousands of ServiceNow instances are visible to internet scanners.
Reports from threat intelligence firms indicate these vulnerabilities are being actively exploited and various threat actors are advertising company data for sale as a result of successful exploitation.
See the resource center.
Status
Research is in progress to determine whether or not Bitsight can detect these vulnerabilities.
Feedback
0 comments
Please sign in to leave a comment.