CVE-2024-4879CISA KEV: Actively Exploited

ServiceNow Improper Input Validation Vulnerability

Published Jul 29, 2024·Updated Jul 29, 2024

Description

ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.

Public Exploits & PoCs7 found

PoC: CVE-2024-4879

CVE-2024-4879.py is a Python script designed to detect specific vulnerabilities in ServiceNow instances and dump database connection details if the vulnerability is found. This tool is particularly useful for security researchers and penetration testers.

4

PoC: CVE-2024-4879

Bulk scanning tool for ServiceNow CVE-2024-4879 vulnerability

1

PoC: CVE-2024-4879

Jelly Template Injection Vulnerability in ServiceNow | POC CVE-2024-4879

PoC: CVE-2024-4879

Python script designed to detect specific vulnerabilities in ServiceNow instances and dump database connection details if the vulnerability is found. This tool is particularly useful for security researchers and penetration testers.

PoC: CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning

CVE-2024-4879 & CVE-2024-5217 ServiceNow RCE Scanning Using Nuclei & Shodan Dork to find it.

PoC: CVE-2024-4879-ServiceNow

Exploit for CVE-2024-4879 affecting Vancouver, Washington DC Now and Utah Platform releases

PoC: CVE-2024-4879

CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free