CVE-2024-4879 Jelly Template Injection Vulnerability in ServiceNow

127.0.0.1
2 min read · Jul 18, 2024


ServiceNow, a widely used platform for business transformation, has recently disclosed three critical security vulnerabilities that could have severe consequences for organizations worldwide. These vulnerabilities, identified as CVE-2024-4879, CVE-2024-5217, and CVE-2024-5178, affect various versions of the Now Platform.

The most alarming of these flaws are CVE-2024-4879 and CVE-2024-5217, which carry critical CVSSv4 scores of 9.3 and 9.2, respectively. These vulnerabilities enable unauthenticated remote attackers to execute arbitrary code within the Now Platform, potentially leading to complete system compromise, data theft, and disruption of critical business operations.

The third vulnerability, CVE-2024-5178, with a CVSSv4 score of 4.0, allows administrative users to gain unauthorized access to sensitive files on the web application server. While not as severe as the previous two, this flaw still poses a significant risk of data exposure and unauthorized access to confidential information.

Query:

FOFA Query: app="servicenow-Products"
Shodan Query: Server: ServiceNow

CVE-2024-4879 Exploit & PoC — Nuclei Template:

https://github.com/Brut-Security/CVE-2024-4879

To detect the Jelly template injection vulnerability:

nuclei -l target.txt -t servicenow-db-exploit.yaml -silent

The Python script is designed to detect specific vulnerabilities in ServiceNow instances and dump database connection details if the vulnerability is found:

python CVE-2024-4879.py -f urls.txt
