CVE-2024-4879CISA KEVEPSS p100.0%

CVE-2024-4879ServiceNow Improper Input Validation Vulnerability

ServiceNow / Utah, Vancouver, and Washington DC Now Platform

Description

ServiceNow Utah, Vancouver, and Washington DC Now Platform releases contain a jelly template injection vulnerability in UI macros. An unauthenticated user could exploit this vulnerability to execute code remotely.

Scoring

EPSS99.98% probability of exploitation · percentile 100.0% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2024-07-29

(incoming)1

TypeTargetConfidenceTier
KEVEntryServiceNow Improper Input Validation Vulnerabilitykev-cve-2024-48790%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
ServiceNow Incomplete List of Disallowed Inputs Vulnerability
CVE
CVE-2026-47928
CVE
SolarWinds Serv-U Improper Input Validation Vulnerability
CVE
CVE-2025-49619
CVE
CVE-2025-14700
CVE
CVE-2026-27304
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.