Created on 2024-07-27 20:58 and updated on 2024-07-27 21:00.
Description
- KB1648313 CVE-2024-5217 - Incomplete Input Validation in GlideExpression Script 2024-07-10
- KB1648312 CVE-2024-5178 - Incomplete Input Validation in SecurelyAccess API 2024-07-10
- KB1645154 CVE-2024-4879 - Jelly Template Injection Vulnerability in ServiceNow UI Macros 2024-07-10
CVE-2024-4879 sounds to be the most serious vulnerability allowing RCE for non-authenticated users.
ref: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1226057
Vulnerabilities included in this bundle
Author
Alexandre DulaunoyCombined sightings
| Author | Vulnerability | Source | Type | Date |
|---|