ServiceNow Platform Jelly Template Injection (CVE-2024-4879)

Severity: Critical, Nessus Plugin ID: 286265

Synopsis

ServiceNow Platform is affected by a Jelly template injection vulnerability.

Description

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington, D.C. Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to the version referenced in the vendor advisory.

See Also

http://www.nessus.org/u?39b95cbb

Plugin Details

Severity: Critical

ID: 286265

File Name: servicenow_platform_CVE-2024-4879.nasl

Version: 1.1

Type: remote

Family: CGI abuses

Published: 1/15/2026

Updated: 1/15/2026

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2024-4879

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Vulnerability Information

CPE: cpe:/a:servicenow:servicenow

Required KB Items: installed_sw/ServiceNow Platform

Patch Publication Date: 7/10/2024

Vulnerability Publication Date: 7/10/2024

Reference Information

CVE: CVE-2024-4879

IAVA: 2024-A-0454