Skip to content

CVE-2024-5217

is CVE-2024-5217real, exploitable, or a false positive? Here's the community ground truth.

☆ Watch
Critical · CVSS 9.8EPSS 99.6%CISA KEVCWE-184
Affected:Servicenow

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addressed in the listed patches and hot fixes below, which were released during the June 2024 patching cycle. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

References

NVD MITRE CVE.org CISA KEV

Published

Embed this verdict
TruePositive verdict for CVE-2024-5217
Markdown
[![TruePositive verdict](https://www.truepositive.app/cve/CVE-2024-5217/badge.svg)](https://www.truepositive.app/cve/CVE-2024-5217)
HTML
<a href="https://www.truepositive.app/cve/CVE-2024-5217"><img src="https://www.truepositive.app/cve/CVE-2024-5217/badge.svg" alt="TruePositive verdict for CVE-2024-5217"></a>

Live badge — updates automatically as the community verdict changes.

Community ground truth

Community verdict

2 verdicts
Not a real issue

to add your verdict.

Community real-world severity: Critical (Critical 2) — CVSS base score 9.8

In line with its CVSS base score.

Field notes & remediation

Verdicts are the quick signal — notes are the evidence and fixes behind them.

No notes yet — be the first to share what you saw or a fix that worked.

    Related CVEs

    Same weaknessCWE-184.