CISA: Immediate patching of critical ServiceNow bugs needed - #CVE-2024-4879
Critical vulnerabilities in ServiceNow's cloud-based platform for managing digital workflows have been actively exploited by threat actors in a global campaign. The most severe flaws, CVE-2024-4879 and CVE-2024-5217, allowed remote code execution, while CVE-2024-5178 enabled unauthorized access to sensitive files. Despite patches being released, many organizations failed to update promptly, leaving their systems vulnerable. Attackers used exploits to inject payloads, dump user credentials (some in plaintext), and potentially gain access to IT service desks and corporate portals. The consequences varied from data exposure to potential ransomware attacks. Sectors like government, critical infrastructure, and finance were targeted, with high interest from cybercriminals due to ServiceNow's widespread use. Authorities like CISA urged immediate patching to mitigate the risks.