Technical Severity
CRITICAL
CVSS v3.1 Metrics
9.8
/ 10
Minimal Risk
Critical
Vector Specification
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitation Likelihood
EPSS Prediction
94.35
%
Predictive Probability
Percentile Rank
100.0
th
Documented as more likely to be exploited than 100.0% of known CVEs.
Detection Date
Jul 29, 2024
Remediation Due
Aug 19, 2024
CISA Catalog Active
Threat Analysis
ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.
Remediation Directive
Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.