CVE-2024-5217: ServiceNow Incomplete List of Disallowed Inputs

ServiceNow Incomplete List of Disallowed Inputs Vulnerability. ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.

• CISA KEV-listed (remediation due 2024-08-19)
• EPSS 94.1% (99.9% percentile)

Browse the CVE database

Read the full analysis on IntelFusions