← back
CVE-2024-4879

Jelly Template Injection Vulnerability in ServiceNow UI Macros

CVSS 9.3 CRITICALEPSS 100.0%● KEVCWE-1287
In short

A flaw in ServiceNow's UI Macros allows unauthenticated attackers to inject malicious code through template input, leading to remote code execution on the platform. This is critical because it bypasses authentication and affects all users of affected ServiceNow instances.

Technical detail

CWE-1287 template injection vulnerability in ServiceNow UI Macros allows unauthenticated remote code execution due to insufficient input validation. The attack vector is network-based with no authentication required; vulnerable versions of Vancouver and Washington DC Now Platform releases are affected. Successful exploitation results in arbitrary code execution within the Now Platform context.

Summary generated and translated by AI from the official description.
ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
Affected products
ServiceNow · Now Platform
public PoCs found9
githubgithub.com/Brut-Security/CVE-2024-487926githubgithub.com/bigb0x/CVE-2024-487910githubgithub.com/NoTsPepino/CVE-2024-4879-CVE-2024-5217-ServiceNow-RCE-Scanning5githubgithub.com/Mr-r00t11/CVE-2024-48794githubgithub.com/gh-ost00/CVE-2024-48794githubgithub.com/Praison001/CVE-2024-4879-ServiceNow1githubgithub.com/jdusane/CVE-2024-48790githubgithub.com/0xWhoami35/CVE-2024-48790exploitdbwww.exploit-db.com/exploits/52410unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1644293https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2024-4879https://www.darkreading.com/cloud-security/patchnow-servicenow-critical-rce-bugs-active-exploit