THREATOPS
THREAT OPSCVEs › CVE-2024-4879

CVE-2024-4879 — ServiceNow Improper Input Validation Vulnerability

CISA KEVExploited: confirmedServiceNow

ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.

Vulnerability details