← ExploitWatch
HomeExploited Vulnerabilities

CVE-2024-4879 — Actively Exploited: Utah, Vancouver, and Washington DC Now Platform (ServiceNow)

ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.

CVE IDCVE-2024-4879
VendorServiceNow
ProductUtah, Vancouver, and Washington DC Now Platform
Vulnerability nameServiceNow Improper Input Validation Vulnerability
Date added2024-07-29
Remediation due2024-08-19
Known ransomware useUnknown
Required actionApply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
DescriptionServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.
SourceCISA Known Exploited Vulnerabilities

🔍 Search all exploited vulnerabilities →