Cybersecurity researchers have issued urgent warnings about a surge in attacks exploiting older, already-patched ServiceNow vulnerabilities. Three security flaws, tracked as CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217, are being actively targeted by attackers to infiltrate systems that have not yet applied the fixes. These vulnerabilities, initially discovered by researchers in May 2024 and patched by ServiceNow two months later, could allow attackers to gain full database access to sensitive corporate data.
Threat intelligence firm GreyNoise reported a significant spike in exploitation attempts over the past week, with most activity directed at Israeli infrastructure. Additional targets include organizations in Germany, Japan, and Lithuania. When chained together, these vulnerabilities enable unauthorized access to employee records, HR data, and other confidential information stored on ServiceNow instances, which are widely used by enterprises for internal operations.
Although ServiceNow stated it has not detected any customer impact from recent campaigns, cybersecurity experts emphasize that unpatched systems remain at high risk. Earlier reports from Resecurity revealed previous exploitation attempts against energy firms, government agencies, and tech companies, while Imperva documented over 6,000 attacks targeting financial services and other sectors in mid-2024.
Organizations are urged to apply ServiceNow’s 2024 security updates immediately to mitigate exposure. Continuous monitoring and patching of legacy systems are critical to defending against evolving threats targeting these vulnerabilities.