One other analysis agency Assetnote added another bug (CVE-2024-5178), with much less severity, to the listing, however mentioned, that when chained collectively, hackers can exploit the vulnerabilities to entry the ServiceNow database.
“These vulnerabilities allow unauthenticated distant attackers to execute arbitrary code throughout the Now Platform, doubtlessly resulting in compromise, knowledge theft, and disruption of enterprise operations,” Resecurity wrote in a weblog publish.
So as to add gas to the fireplace, a report by DarkReading has claimed that the vulnerabilities have been exploited and knowledge of varied organizations have been stolen. Extra so, the stolen knowledge, acquired utilizing these vulnerabilities, is being supplied on the market on the darkish internet for a mere $5,000, DarkReading reported citing BreachForums.
