ServiceNow has recently acknowledged a potential risk of unauthorized access to sensitive data due to misconfigurations within its platform. This poses a significant concern for organizations using the service [1] [2] [4].

Description

The issue stems from a default configuration of ServiceNow's Simple List widget [3], which allows unauthenticated users to remotely read tables containing sensitive information [3]. These misconfigurations have been present since 2015 [3], but only recent research has highlighted the potential for data leakage [3]. ServiceNow has taken steps to address the issue [1] [2] [3]; organizations are nonetheless advised to review their own exposure and apply the necessary remediation.

Remediation steps include reviewing and adjusting access control lists (ACLs) [3], implementing stricter access controls [3], and considering installation of the ServiceNow Explicit Roles Plugin [3]. Organizations can additionally use a SaaS Security Posture Management (SSPM) solution such as Adaptive Shield to automate data leakage prevention for ServiceNow and other SaaS applications; SSPMs provide visibility into configurations and help remediate misconfigurations before they lead to leakage [3].
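The "review and adjust ACLs" step above is easier to act on with a concrete audit. The script below is an added example, not code from ServiceNow, The Hacker News, or Adaptive Shield. It assumes you have exported rows from the `sys_security_acl` and `sys_security_acl_role` tables in the JSON shape the ServiceNow Table API returns (for example `GET /api/now/table/sys_security_acl?sysparm_query=active=true^operation=read^type=record`); the field names (`name`, `operation`, `type`, `active`, `condition`, `script`, `sys_security_acl`, `sys_user_role`) are taken from those tables as I know them and should be verified against your instance's dictionary. It flags active, record-level read ACLs that require no role and have no script, which is the class of rule an unauthenticated caller can satisfy. The sample rows at the bottom are constructed.

```python
"""Audit ServiceNow record ACLs for read rules that require no role (added example).

Not ServiceNow's or Adaptive Shield's code. Consumes rows in the JSON shape the
Table API returns for sys_security_acl and sys_security_acl_role; field names
are assumptions to verify against your instance. Sample rows are constructed.
"""
from dataclasses import dataclass, field


@dataclass
class AclRecord:
    sys_id: str
    name: str            # table (or table.field) the ACL protects
    operation: str       # read / write / create / delete
    acl_type: str        # "record" for table-level ACLs
    active: bool
    condition: str       # encoded query filtering which records match
    script: str          # server-side script that must set answer = true
    roles: list = field(default_factory=list)   # role names the ACL requires


def roles_by_acl(role_rows):
    """Map ACL sys_id -> role names from sys_security_acl_role rows."""
    out = {}
    for row in role_rows:
        acl_id = row["sys_security_acl"]["value"]
        out.setdefault(acl_id, []).append(row["sys_user_role"]["display_value"])
    return out


def acl_from_api(row, role_map):
    """Normalise one sys_security_acl row (strings for booleans, nulls for text)."""
    return AclRecord(
        sys_id=row["sys_id"],
        name=row["name"],
        operation=row["operation"],
        acl_type=row["type"],
        active=str(row.get("active", "false")).lower() == "true",
        condition=(row.get("condition") or "").strip(),
        script=(row.get("script") or "").strip(),
        roles=role_map.get(row["sys_id"], []),
    )


def classify(acl):
    """Return a finding label for an active record read ACL with no role, else None.

    A condition only filters rows; it does not restrict *who* may read, so an
    ACL with a condition but no role is still reported, under a distinct label.
    """
    if not (acl.active and acl.operation == "read" and acl.acl_type == "record"):
        return None
    if acl.roles or acl.script:
        return None   # a role or a script can restrict the caller
    return "no-role-condition-only" if acl.condition else "no-role-no-guard"


def find_unrestricted_read_acls(acl_rows, role_rows):
    """Return sorted (table_name, label) findings for the exported rows."""
    role_map = roles_by_acl(role_rows)
    findings = []
    for row in acl_rows:
        acl = acl_from_api(row, role_map)
        label = classify(acl)
        if label:
            findings.append((acl.name, label))
    return sorted(findings)


# Constructed sample export: six ACL rows and one role link.
SAMPLE_ACL_ROWS = [
    {"sys_id": "a1", "name": "u_vendor_contract", "operation": "read", "type": "record",
     "active": "true", "condition": "", "script": ""},                      # no guard at all
    {"sys_id": "a2", "name": "incident", "operation": "read", "type": "record",
     "active": "true", "condition": "", "script": ""},                      # role linked below
    {"sys_id": "a3", "name": "sys_attachment", "operation": "read", "type": "record",
     "active": "true", "condition": "", "script": "answer = gs.hasRole('admin');"},
    {"sys_id": "a4", "name": "cmdb_ci", "operation": "write", "type": "record",
     "active": "true", "condition": "", "script": ""},                      # not a read rule
    {"sys_id": "a5", "name": "sys_user", "operation": "read", "type": "record",
     "active": "false", "condition": "", "script": ""},                     # inactive
    {"sys_id": "a6", "name": "u_catalog_faq", "operation": "read", "type": "record",
     "active": "true", "condition": "active=true", "script": None},         # condition only
]
SAMPLE_ROLE_ROWS = [
    {"sys_security_acl": {"value": "a2"}, "sys_user_role": {"display_value": "itil"}},
]

if __name__ == "__main__":
    for table, label in find_unrestricted_read_acls(SAMPLE_ACL_ROWS, SAMPLE_ROLE_ROWS):
        print(f"{label:25s} {table}")
```

Run against a real export, every `no-role-no-guard` finding on a table holding customer, employee or configuration data is a candidate for adding a role (or enabling the Explicit Roles Plugin, which gives external users a distinct role so that role-less rules stop matching them). Treat `no-role-condition-only` findings as lower priority but still worth a look, since the condition narrows which rows are visible, not who can see them.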

Conclusion

The misconfigurations within the ServiceNow platform pose a significant risk of data leakage for organizations. Organizations should mitigate this risk proactively by reviewing and adjusting access control lists, implementing stricter access controls [3], and considering the ServiceNow Explicit Roles Plugin [3]. Adopting a SaaS Security Posture Management solution can further automate data leakage prevention for ServiceNow and other SaaS applications. Organizations should remain vigilant and keep up to date on newly reported vulnerabilities to protect sensitive data going forward.

References

[1] https://threatnote.com/infosec-news/from-the-hacker-news-servicenow-data-exposure-a-wake-up-call-for-companies/
[2] https://www.linkedin.com/posts/wdevault_new-webinar-5-must-know-trends-impacting-activity-7124746536789430272-meOi
[3] https://thehackernews.com/2023/10/servicenow-data-exposure-wake-up-call.html
[4] https://beker.uk/2023/10/30/pro-hamas-hacktivists-targeting-israeli-entities-with-wiper-malware/