What is the vulnerability?A critical input validation vulnerability (CVE-2024–4879) is identified in ServiceNow’s Now platform hosted in Vancouver and Washington DC, exploiting this vulnerability could lead to potential data breaches and unauthorized system access. Threat actors may weaponize proof-of-concept (PoC) exploits which are publicly available. CISA added CVE-2024–4879 to its Known Exploited Vulnerabilities (KEV) Catalog on July 29, 2024.What is the recommended Mitigation?ServiceNow has released updates for the affected instances. CVE-2024-4879 – Jelly Template Injection Vulnerability in ServiceNow UI Macros – SecurityWhat FortiGuard Coverage is available?FortiGuard Labs recommends users to apply the patches released by the vendor immediately to secure their systems.FortiGuard Intrusion Prevention Service (IPS) protection is currently being investigated to defend against exploitation of CVE-2024-4879.The FortiGuard Incident Response team can be engaged to help with any suspected compromise.
More Stories
openjpeg2-2.5.3-1.fc40
FEDORA-2024-272544ceb9 Packages in this update: openjpeg2-2.5.3-1.fc40 Update description: Update to openjpeg-2.5.3 Fix 2 heap-buffer-overflow Read More
libxml2-2.12.9-1.fc40
FEDORA-2024-9f3765a04b Packages in this update: libxml2-2.12.9-1.fc40 Update description: Update to 2.12.9 Fixes CVE-2024-40896 Read More
libxml2-2.12.9-1.fc41
FEDORA-2024-867a14de12 Packages in this update: libxml2-2.12.9-1.fc41 Update description: Update to 2.12.9 Fixes CVE-2024-40896. Read More
iwd-3.3-1.fc40 libell-0.71-1.fc40
FEDORA-2024-0fa283c43a Packages in this update: iwd-3.3-1.fc40 libell-0.71-1.fc40 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
iwd-3.3-1.fc41 libell-0.71-1.fc41
FEDORA-2024-256818da09 Packages in this update: iwd-3.3-1.fc41 libell-0.71-1.fc41 Update description: iwd 3.3: Fix issue with handling External Authentication. iwd 3.2: Fix...
A Vulnerability in Apache Struts2 Could Allow for Remote Code Execution
A vulnerability has been discovered in Apache Struts2, which could allow for remote code execution. Apache Struts2 is an open-source...