ServiceNow, a widely used platform for business transformation, has recently disclosed three critical security vulnerabilities that could have severe consequences for organizations worldwide. These vulnerabilities, identified as CVE-2024–4879, CVE-2024–5217, and CVE-2024–5178, affect various versions of the Now Platform.
The most alarming of these flaws are CVE-2024–4879 and CVE-2024–5217, both carrying a critical CVSSv4 score of 9.3 and 9.2, respectively. These vulnerabilities enable unauthenticated remote attackers to execute arbitrary code within the Now Platform, potentially leading to complete system compromise, data theft, and disruption of critical business operations.
FOFA Query: app="servicenow-Products"
SHODAn Query: Server: ServiceNow
- Can Scans mass targets
- Dump Database
- Handles SSL warnings
git clone https://github.com/0xWhoami35/CVE-2024-4879.git
cd CVE-2024-4879
pip3 install -r requirements.txt (Install python library)
python3 exp.py -i https://example.com (For Single Target)
python3 exp.py -m urls.txt (For multiple targets)