clayton@site:~/news$ cat cve-2024-4879-servicenow-utah-vancouver-and-washington-dc-now-platform.log

CVE-2024-4879 — ServiceNow Improper Input Validation Vulnerability

2024-07-29 • CISA Known Exploited Vulnerability

[event] ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.

> AFFECTED SOFTWARE

Field	Value
Vendor	ServiceNow
Product	Utah, Vancouver, and Washington DC Now Platform
CWE	CWE-1287
CVE ID	CVE-2024-4879
Date Added	2024-07-29
Due Date	2024-08-19
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-08-19

> REFERENCES

[1] https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-4879