CVE-2024-5217CISA KEVEPSS p99.9%

CVE-2024-5217ServiceNow Incomplete List of Disallowed Inputs Vulnerability

ServiceNow / Utah, Vancouver, and Washington DC Now Platform

Description

ServiceNow Washington DC, Vancouver, and earlier Now Platform releases contain an incomplete list of disallowed inputs vulnerability in the GlideExpression script. An unauthenticated user could exploit this vulnerability to execute code remotely.

Scoring

EPSS99.63% probability of exploitation · percentile 99.9% · 2026-06-15T12:03:41Z

CISA KEV entry

Added to KEV: 2024-07-29

(incoming)1

TypeTargetConfidenceTier
KEVEntryServiceNow Incomplete List of Disallowed Inputs Vulnerabilitykev-cve-2024-52170%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CVE
ServiceNow Improper Input Validation Vulnerability
CVE
SolarWinds Serv-U Improper Input Validation Vulnerability
CVE
CVE-2025-59228
CVE
CVE-2025-6724
CVE
CVE-2025-61196
CVE
CVE-2026-7312
Sourced from NVD + CISA KEV + FIRST.org EPSS. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.