CVE-2024-8923 - Sandbox Escape in Now Platform

ServiceNow Posture October, 2024

Description

ServiceNow has addressed an input validation vulnerability that was identified in the Now Platform releases prior to Xanadu General Availability. This vulnerability could potentially enable an unauthenticated user to remotely execute code within the context of the Now Platform.

Resolution

During the August 2024 Patching Program, ServiceNow released patches (listed below) to customers that addressed this vulnerability. If you have not done so already, we recommend applying security patches relevant to your instance as soon as possible.

| Release | Fixed Version |
| --- | --- |
| Xanadu | Xanadu GA Release |
| Washington DC | Washington DC Patch 4 Hot Fix 1a; Washington DC Patch 5 |
| Vancouver | Vancouver Patch 9 Hot Fix 2a; Vancouver Patch 10 |

Additional Resources

For more details, please see the following resources:

https://www.cve.org/CVERecord?id=CVE-2024-8923

KB1703444 (NowSupport Login Required)

Change Log

| Version | Published | Summary of Changes |
| --- | --- | --- |
| 1.0 | October 29, 2024 | Initial publication |