FortiDAST
FortiDAST performs automated black-box dynamic application security testing of web applications to identify vulnerabilities that bad actors may exploit.
rdiwakar
Staff
Article Id 336644
Description

This outbreak alert on ServiceNow covers two vulnerabilities: CVE-2024-4879 and CVE-2024-5217.


CVE-2024-4879 is a critical vulnerability discovered in the ServiceNow platform (Vancouver, Washington DC, and Utah releases). This security flaw allows unauthenticated users to execute arbitrary code within the context of the Now Platform. This could lead to severe consequences, such as unauthorized access to sensitive data, system compromise, and disruption of critical services.


CVE-2024-5217 is a critical vulnerability that affects the ServiceNow Platform (Vancouver, Washington DC, and Utah releases). This vulnerability arises due to a flaw in the platform's authentication and authorization mechanisms. The vulnerability can be exploited by an unauthenticated user by sending a specially crafted request to the affected API endpoint. This flaw allows unauthenticated users to bypass intended security measures and gain unauthorized access to the platform.


This article describes how FortiDAST assesses the Remote Code Execution vulnerability in the ServiceNow Platform.

Scope

FortiDAST Scripting Engine updated in version 24.3.0-buildforti0010 (GA).

Solution

Detection of these vulnerabilities is provided by the FortiDAST Scripting Engine (FSE).

This technology enables FortiDAST to determine remotely, with a high level of confidence, whether an asset is vulnerable to a specific vulnerability by testing a disarmed exploit against the asset itself.


To configure the scan, enable the FSE group signature 'servicenow', which selects the underlying scripts according to the scan requirement: 'CVE-2024-4879 Jelly Template Injection on ServiceNow Vulnerability' and 'CVE-2024-5217 ServiceNow Incomplete Input Validation Vulnerability'.


For reference, a step-by-step guide on how to configure FortiDAST to trigger FSE can be found on Fortinet’s blog:
https://www.fortinet.com/blog/business-and-technology/fortipentest-exploit-engine-a-new-security-ars...
