ServiceNow Vulnerability Chain [CVE-2024-4879, CVE-2024-5217, & CVE-2024-5178] – August 2, 2024

Ingrid

Three vulnerabilities [CVE-2024-4879, CVE-2024-5217, & CVE-2024-5178] in ServiceNow were disclosed and added to the CISA Known Exploited Vulnerabilities (KEV) list on July 29. When chained together, they can lead to remote code execution.

ServiceNow MID Server, which is generally designed to be deployed behind a corporate firewall, is the impacted component. This reduces the potential exposure space on the public Internet. However, thousands of ServiceNow instances are visible to internet scanners.

Reports from threat intelligence firms indicate these vulnerabilities are being actively exploited, and various threat actors are advertising company data for sale as a result of successful exploitation. See the resource center.

Status

Research is in progress to determine whether or not Bitsight can detect these vulnerabilities.