clayton@site:~/news$ cat cve-2024-5217-servicenow-utah-vancouver-and-washington-dc-now-platform.log

CVE-2024-5217 — ServiceNow Incomplete List of Disallowed Inputs Vulnerability

2024-07-29 • CISA Known Exploited Vulnerability

[event] ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.

> AFFECTED SOFTWARE

Field	Value
Vendor	ServiceNow
Product	Utah, Vancouver, and Washington DC Now Platform
CWE	CWE-184
CVE ID	CVE-2024-5217
Date Added	2024-07-29
Due Date	2024-08-19
Ransomware Campaign	Unknown

> MITIGATION

Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

Due Date: 2024-08-19

> REFERENCES

[1] https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313
[2] https://nvd.nist.gov/vuln/detail/CVE-2024-5217