How severe is CVE-2024-4879?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2024-4879?

This is classified as CWE-1287, which is a common weakness in software security.

CVE-2024-4879 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted instances, and ServiceNow released the update to our partners and self-hosted customers. Listed below are the patches and hot fixes that address the vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

Related Vulnerabilities

CVE-2024-51550

CRITICAL

CVSS:9.8(Critical)

Data Validation / Data Sanitization vulnerabilities in Linux allows unvalidated and unsanitized data to be injected in an Aspect device. Affected products: ABB ASPECT - Enterprise v3.08.02; NEXUS Seri...

CWE-12872024

CVE-2024-6298

CRITICAL

CVSS:9.8(Critical)

Unauthorized file access in WEB Server in ABB ASPECT - Enterprise v3.08.01; NEXUS Series v3.08.01 ; MATRIX Series v3.08.01 allows Attacker to execute arbitrary code remotely

CWE-12872024

CVE-2024-51551

CRITICAL

CVSS:10.0(Critical)

Default Credentail vulnerabilities in ASPECT on Linux allows access to the product using publicly available default credentials. Affected products: ABB ASPECT - Enterprise v3.07.02; NEXUS Series v3.07...

CWE-12872024

CVE-2024-5594

CRITICAL

CVSS:9.1(Critical)

OpenVPN before 2.6.11 does not santize PUSH_REPLY messages properly which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

CWE-12872024

CVE-2023-29126

HIGH

CVSS:8.8(High)

The Waybox Enel X web management application contains a PHP-type juggling vulnerability that may allow a brute force process and under certain conditions bypass authentication.

CWE-12872023

CVE-2024-3175

HIGH

CVSS:8.8(High)

Insufficient data validation in Extensions in Google Chrome prior to 120.0.6099.62 allowed a remote attacker to perform privilege escalation via a crafted Chrome Extension. (Chromium security severity...

CWE-12872024