CVE-2024-5890
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Dec 2, 2024
CWE ID 79
Summary
CVE-2024-5890 is a newly discovered HTML injection vulnerability in ServiceNow's Now Platform. This issue allows unauthenticated users to manipulate web pages or redirect users to malicious sites. ServiceNow has released patches to address this vulnerability, and it is highly recommended that users apply the relevant security updates to their instances as soon as possible to mitigate this risk. Failure to implement these patches could potentially expose organizations to security threats and data breaches.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share