Patch now: Attackers attack ServiceNow's Now Platform

There are currently malicious code attacks on ServiceNow's Now Platform. The system is then considered fully compromised and attackers gain access to sensitive customer data, among other things.

The cloud computing platform helps companies with digitalization in order to grow and reduce costs, for example. Companies use Now Platform worldwide. These include customers such as Bayer, Coca-Cola and Siemens.

Far-reaching threats

Security researchers from Rescurity point out the global attacks in an article. Attackers are targeting three vulnerabilities (CVE-2024-4879"critical", CVE-2024-5217"critical", CVE-2024-5178"medium"). The critical vulnerabilities can be exploited remotely without authentication and malicious code can get onto systems. Attacks are possible because input is not sufficiently checked. In the course of the attacks, the attackers are said to work with two payloads in order to steal access data, among other things. Further details on the attack process are not yet available.

Admin rights are required to successfully exploit the third vulnerability. If this is the case, attackers can access sensitive data. The developers list the version secured against the attacks in three warning messages(1, 2, 3).

Attacks also possible in Germany

The security researchers state that around 300,000 instances worldwide are publicly accessible via the Internet. However, they point out that not all of them are necessarily vulnerable. Some may already be patched or firewalls may block attacks. The search engine Shodan comes up with a maximum of 23,000 hits. Just over 600 instances are in Germany.

According to the security researchers, they have observed that there is currently increased interest in the gaps in the Darknet. The scope of the attacks is currently unclear, but it can be assumed that they are increasing.

(des)