On May 14th, 2024, we disclosed a chain of vulnerabilities to ServiceNow, resulting in 3 new CVEs. This series of security issues affected all Vancouver and Washington ServiceNow instances (around 42,000 globally), allowing an attacker to execute code on the instance.

In this live Q&A, Assetnote security researcher Adam Kues explains his approach to how he found these vulnerabilities, highlighted in our recent research post. He is joined by hosts, Michael Gianarakis and Shubham Shah.

Congratulations to Adam on being credited with CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217!

To learn more about Assetnote, visit https://www.assetnote.io/.