CVE-2024-5217
ServiceNow Incomplete List of Disallowed Inputs Vulnerability
⚠ KEVEPSS 94.1%
Description
ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.
How to fix CVE-2024-5217
No package mapping is available — consult the references below for vendor-specific guidance.
Is CVE-2024-5217 being exploited?
Yes — CVE-2024-5217 is on the CISA Known Exploited Vulnerabilities (KEV) catalog. Patch immediately.
Affected packages (0)
No package mapping in OSV.