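ServiceNow is a business transformation platform. Through the platform's various modules, ServiceNow can be used for purposes ranging from human resources and employee management to workflow automation or serving as a knowledge base.
Given the significant impact of these vulnerabilities, 嘉诚安全 (Jiacheng Security) advises affected users to update to a secure version as soon as possible to avoid network security incidents related to them.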
CVE-2024-4879:
ServiceNow < Utah Patch 10 Hot Fix 3
ServiceNow < Vancouver Patch 6 Hot Fix 2
ServiceNow < Vancouver Patch 7 Hot Fix 3b
ServiceNow < Vancouver Patch 8 Hot Fix 4
ServiceNow < Vancouver Patch 9
ServiceNow < Vancouver Patch 10
ServiceNow < Washington DC Patch 1 Hot Fix 2b
ServiceNow < Washington DC Patch 2 Hot Fix 2
ServiceNow < Washington DC Patch 3 Hot Fix 1
ServiceNow < Washington DC Patch 4
CVE-2024-5217:
ServiceNow < Utah Patch 10 Hot Fix 3
ServiceNow < Utah Patch 10a Hot Fix 2
ServiceNow < Utah Patch 10b Hot Fix 1
ServiceNow < Vancouver Patch 6 Hot Fix 2
ServiceNow < Vancouver Patch 7 Hot Fix 3b
ServiceNow < Vancouver Patch 8 Hot Fix 4
ServiceNow < Vancouver Patch 9 Hot Fix 1
ServiceNow < Vancouver Patch 10
ServiceNow < Washington DC Patch 1 Hot Fix 3b
ServiceNow < Washington DC Patch 2 Hot Fix 2
ServiceNow < Washington DC Patch 3 Hot Fix 2
ServiceNow < Washington DC Patch 4
ServiceNow < Washington DC Patch 5
Utah >= Patch 10 Hot Fix 3
Utah >= Patch 10a Hot Fix 2
Utah >= Patch 10b Hot Fix 1
Vancouver >= Patch 6 Hot Fix 2
Vancouver >= Patch 7 Hot Fix 3b
Vancouver >= Patch 8 Hot Fix 4
Vancouver >= Patch 9 Hot Fix 1
Vancouver >= Patch 10
Washington DC >= Patch 1 Hot Fix 3b
Washington DC >= Patch 2 Hot Fix 2
Washington DC >= Patch 3 Hot Fix 2
Washington DC >= Patch 4
Washington DC >= Patch 5
Official links:
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1648313
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1645154
Reference links:
https://www.assetnote.io/resources/research/chaining-three-bugs-to-access-all-your-servicenow-data

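Originally published on the WeChat official account 嘉诚安全 (Jiacheng Security): [Vulnerability Notice] Security Risk Notice for Multiple High-Severity ServiceNow Vulnerabilities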