THREATOPS
THREAT OPSCVEs › CVE-2024-5217

CVE-2024-5217 — ServiceNow Incomplete List of Disallowed Inputs Vulnerability

CISA KEVExploited: confirmedServiceNow

ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.

Vulnerability details