ServiceNow SSTI (CVE-2024-4879)
Description
ServiceNow contains a critical server-side template injection (SSTI) vulnerability in its Jelly template engine used by UI Macros. This flaw allows remote attackers to inject malicious template code without authentication, leading to arbitrary code execution on the ServiceNow server. The vulnerability affects the core platform and can be exploited through specially crafted HTTP requests to vulnerable endpoints.
Remediation
Apply the security patches provided by ServiceNow immediately by upgrading to the patched versions specified in KB1645154. For affected versions, follow these steps:
1. Review ServiceNow KB article KB1645154 to identify if your version is affected
2. Schedule an emergency maintenance window to apply the patch
3. Upgrade to the latest patched version for your release family as specified by ServiceNow
4. After patching, review system logs for any suspicious activity or unauthorized access attempts
5. Conduct a security assessment to ensure no compromise occurred prior to patching
6. If immediate patching is not possible, implement network-level access controls to restrict ServiceNow instance access to trusted IP addresses only as a temporary mitigation
Organizations should prioritize this update as a critical security issue due to the unauthenticated remote code execution risk.