FlagThis

Critical vulnerabilities in ServiceNow are being actively exploited, posing a significant threat, especially to systems in Israel. Three key flaws, CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, have been identified and are under active attack. These vulnerabilities, some over a year old, were initially disclosed in early 2023 and patches were provided by ServiceNow. Despite the patches, exploitation activities have surged, particularly targeting Israeli systems.

These vulnerabilities allow threat actors to gain unauthorized access, potentially leading to data breaches and operational disruptions. CVE-2024-4879 is a template injection vulnerability allowing remote code execution. CVE-2024-5217 and CVE-2024-5178 involve input validation errors that can be exploited to manipulate data and bypass security controls, potentially granting full database access. Organizations that failed to apply ServiceNow patches last year are continuing to fall victim.

ImgSrc: static.wixstati

References :

• hackread.com: Report of attacks exploiting year-old ServiceNow flaws, with Israel being the hardest hit.
• www.itpro.com: ServiceNow vulnerabilities and the impact on unpatched systems.
• Rescana: Details on the critical vulnerabilities in ServiceNow being exploited, particularly in Israel.
• www.scworld.com: The threat actors are exploiting three-year-old vulnerabilities in ServiceNow.

Classification:

• HashTags: #ServiceNow #Vulnerability #Exploit
• Company: ServiceNow
• Target: Various, Primarily Israel
• Product: ServiceNow
• Type: Vulnerability
• Severity: Major