Security News > 2024 > July > Critical ServiceNow RCE flaws actively exploited to steal credentials
Threat actors are chaining together ServiceNow flaws using publicly available exploits to breach government agencies and private firms in data theft attacks.
On July 10, 2024, ServiceNow made hotfixes available for CVE-2024-4879, a critical input validation flaw enabling unauthenticated users to perform remote code execution on multiple versions of the Now Platform.
The next day, on July 11, Assetnote researchers who discovered the flaw published a detailed write-up about CVE-2024-4879 and two more flaws in ServiceNow that can be chained for full database access.
Resecurity has seen elevated chatter about the ServiceNow flaws on underground forums, especially by users seeking access to IT service desks and corporate portals, indicating a high interest from the cybercrime community.
CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks.
RCE bug in widely used Ghostscript library now exploited in attacks.
News URL
Related news
- SolarWinds fixes critical RCE bug affecting all Web Help Desk versions (source)
- Critical RCE bug in SolarWinds Web Help Desk fixed (CVE-2024-28986) (source)
- CISA warns critical SolarWinds RCE bug is exploited in attacks (source)
- SolarWinds left critical hardcoded credentials in its Web Help Desk product (source)
- Week in review: SonicWall critical firewalls flaw fixed, APT exploits WPS Office for Windows RCE (source)
- Veeam warns of critical RCE flaw in Backup & Replication software (source)
- Apache OFBiz team patches critical RCE vulnerability (CVE-2024-45195) (source)
- D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (source)
- Exploit code released for critical Ivanti RCE flaw, patch now (source)
- SolarWinds Issues Patch for Critical ARM Vulnerability Enabling RCE Attacks (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-07-10 | CVE-2024-4879 | Unspecified vulnerability in Servicenow Utah/Vancouver/Washingtondc ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. | 9.8 |