Chaining Three Bugs To Access All Your ServiceNow Data (Live Q&A) Surfacing Security podcast

Artwork

Tech Business Shubham Shah Cybersecurity InfoSec Information Security Attack Surface Management Security

Content provided by Shubham Shah. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Shubham Shah or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

Surfacing Security «
Chaining Three Bugs to Access All Your ServiceNow Data (Live Q&A)

40 weeks ago 29:41

Share

MP3•Episode home

Content provided by Shubham Shah. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Shubham Shah or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

On May 14th, 2024, we disclosed a chain of vulnerabilities to ServiceNow, resulting in 3 new CVEs. This series of security issues affected all Vancouver and Washington ServiceNow instances (around 42,000 globally), allowing an attacker to execute code on the instance.

In this live Q&A, Assetnote security researcher Adam Kues explains his approach to how he found these vulnerabilities, highlighted in our recent research post. He is joined by hosts, Michael Gianarakis and Shubham Shah.

Congratulations to Adam on being credited with CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217!

To learn more about Assetnote, visit https://www.assetnote.io/.

… continue reading

11 episodes

#Tech #Business #Shubham Shah #Cybersecurity #InfoSec #Information Security #Attack Surface Management #Security

Artwork

Chaining Three Bugs to Access All Your ServiceNow Data (Live Q&A)

Surfacing Security

published 40 weeks ago

Share

MP3•Episode home

Content provided by Shubham Shah. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Shubham Shah or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://ppacc.player.fm/legal.

On May 14th, 2024, we disclosed a chain of vulnerabilities to ServiceNow, resulting in 3 new CVEs. This series of security issues affected all Vancouver and Washington ServiceNow instances (around 42,000 globally), allowing an attacker to execute code on the instance.

In this live Q&A, Assetnote security researcher Adam Kues explains his approach to how he found these vulnerabilities, highlighted in our recent research post. He is joined by hosts, Michael Gianarakis and Shubham Shah.

Congratulations to Adam on being credited with CVE-2024-4879, CVE-2024-5178, and CVE-2024-5217!

To learn more about Assetnote, visit https://www.assetnote.io/.

… continue reading

11 episodes

#Tech #Business #Shubham Shah #Cybersecurity #InfoSec #Information Security #Attack Surface Management #Security

All episodes

×

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

Listen to 500+ topics

Quick Reference Guide

Top Podcasts

The Bill Simmons Podcast

Comedy of the Week

How Did This Get Made?

Doug Loves Movies

TED Talks Daily

NBC Nightly News with Lester Holt

The World This Hour

Daily Boost Motivation and Coaching

This American Life

Sword and Scale

Help/FAQ | Upgrade | Advertise

Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion

Science|Soccer|Sports|Storytelling|Technology|True Crime

Copyright 2025 | Sitemap | Privacy Policy | Terms of Service | | Copyright

Listen to this show while you explore