CVE-2024-4879

ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely. Vendor/Product: ServiceNow Utah, Vancouver, and Washington DC Now Platform. Added to CISA KEV 2024-07-29; required action: Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.