Another research firm Assetnote added one more bug (CVE-2024-5178), with less severity, to the list, but said, that when chained together, hackers can exploit the vulnerabilities to access the ServiceNow database.

“These vulnerabilities enable unauthenticated remote attackers to execute arbitrary code within the Now Platform, potentially leading to compromise, data theft, and disruption of business operations,” Resecurity wrote in a blog post.

To add fuel to the fire, a report by DarkReading has claimed that the vulnerabilities have been exploited and data of various organizations have been stolen. More so, the stolen data, acquired using these vulnerabilities, is being offered for sale on the dark web for a mere $5,000, DarkReading reported citing BreachForums.