Chaining Three Bugs to Access All Your ServiceNow Data (Live Q&A)

https://is1-ssl.mzstatic.com/image/thumb/Podcasts211/v4/7c/99/f8/7c99f84a-4f79-232e-4484-1aefc28eed78/mza_10431140791641350716.jpg/600x600bb.jpg

Surfacing Security

Assetnote

11 episodes

9 months ago

In "Surfacing Security," we explore a variety of cybersecurity topics relevant to Attack Surface Management and beyond. Your co-hosts are Michael Gianarakis (Assetnote Co-Founder/CEO) and Shubham Shah (Assetnote Co-Founder/CTO).

Technology

Business

RSS

All content for Surfacing Security is the property of Assetnote and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.

Technology

Business

Chaining Three Bugs to Access All Your ServiceNow Data (Live Q&A)

Surfacing Security

29 minutes

1 year ago

Chaining Three Bugs to Access All Your ServiceNow Data (Live Q&A)

On May 14th, 2024, we disclosed a chain of vulnerabilities to ServiceNow, resulting in 3 new CVEs. This series of security issues affected all Vancouver and Washington ServiceNow instances (around 42,000 globally), allowing an attacker to execute code on the instance.

In this live Q&A, Assetnote security researcher Adam Kues explains his approach to how he found these vulnerabilities, highlighted in our recent research post. He is joined by hosts, Michael Gianarakis and Shubham Shah.

Congratulations to Adam on being credited with CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217!

To learn more about Assetnote, visit https://www.assetnote.io/.