CVE-2024-4879 PoC — ServiceNow 安全漏洞

Source

https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2024/CVE-2024-4879.yaml

Associated Vulnerability

Title:ServiceNow 安全漏洞 (CVE-2024-4879)
Description:ServiceNow是美国ServiceNow公司的一个云计算平台。以帮助公司管理企业运营的数字工作流程。 ServiceNow存在安全漏洞。攻击者利用该漏洞可以在 Now Platform 环境中远程执行代码。

Description

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

File Snapshot


 id: CVE-2024-4879

info:
  name: ServiceNow UI Macros - Template Injection
  author: DhiyaneshDk,rit

...

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!