Another research firm Assetnote added one bug (CVE-2024-5178), which is less severe, to the list, but said that, if tied together, hackers could use the vulnerability to gain access to the ServiceNow database.
“This vulnerability allows unauthorized remote attackers to execute arbitrary code within the Now Platform, which could lead to compromise, data theft, and business disruption,” Resecurity wrote in a blog post.
Adding fuel to the fire, the DarkReading report claims that the vulnerability has been exploited and stolen information from various organizations. In addition, stolen data, obtained using this vulnerability, is sold on the dark web for as little as $5,000, reports DarkReading citing BreachForums.
Source link