One other analysis agency Assetnote added yet one more bug (CVE-2024-5178), with much less severity, to the record, however stated, that when chained collectively, hackers can exploit the vulnerabilities to entry the ServiceNow database.
“These vulnerabilities allow unauthenticated distant attackers to execute arbitrary code inside the Now Platform, probably resulting in compromise, information theft, and disruption of enterprise operations,” Resecurity wrote in a weblog put up.
So as to add gas to the fireplace, a report by DarkReading has claimed that the vulnerabilities have been exploited and information of varied organizations have been stolen. Extra so, the stolen information, acquired utilizing these vulnerabilities, is being provided on the market on the darkish net for a mere $5,000, DarkReading reported citing BreachForums.
