CVE-2024-8924

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-8924
ServiceNow has addressed a blind SQL injection vulnerability that was identified in the Now Platform. This vulnerability could enable an unauthenticated user to extract unauthorized information. ServiceNow deployed an update to hosted instances, and ServiceNow provided the update to our partners and self-hosted customers. Further, the vulnerability is addressed in the listed patches and hot fixes.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1706072 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:servicenow:servicenow:xanadu:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:xanadu:early_availability:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:xanadu:early_availability_hotfix_1:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:servicenow:servicenow:vancouver:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:early_availability:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:early_availability_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:early_availability_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_10:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_10_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_2_hotfix1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_3_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_4_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_5_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_6_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_3b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_7_hotifix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_8_hotfix_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_9:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:vancouver:patch_9_hotfix_3a:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:a:servicenow:servicenow:washington_dc:-:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:early_availability:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:early_availability_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_2b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_1_hotfix_3b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_2_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_3_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_1b:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_4_hotfix_2a:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_1:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_2:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_3:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_4:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_5:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_5_hotfix_6:*:*:*:*:*:*
cpe:2.3:a:servicenow:servicenow:washington_dc:patch_6:*:*:*:*:*:*
History

No history.

Information

Published : 2024-10-29 17:15

Updated : 2024-11-27 19:32

NVD link : CVE-2024-8924

Mitre link : CVE-2024-8924

CVE.ORG link : CVE-2024-8924

JSON object : View

Products Affected

servicenow

  • servicenow
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')