One other analysis agency Assetnote added yet another bug (CVE-2024-5178), with much less severity, to the record, however stated, that when chained collectively, hackers can exploit the vulnerabilities to entry the ServiceNow database.
“These vulnerabilities allow unauthenticated distant attackers to execute arbitrary code throughout the Now Platform, doubtlessly resulting in compromise, knowledge theft, and disruption of enterprise operations,” Resecurity wrote in a weblog put up.
So as to add gas to the hearth, a report by DarkReading has claimed that the vulnerabilities have been exploited and knowledge of assorted organizations have been stolen. Extra so, the stolen knowledge, acquired utilizing these vulnerabilities, is being provided on the market on the darkish net for a mere $5,000, DarkReading reported citing BreachForums.
