ServiceNow Instances Misconfigured, Vulnerable to data extraction

41
ServiceNow Instances Misconfigured_ Vulnerable to data extraction-01

ServiceNow, a SaaS platform, has announced that the risks due to improper access blocking, resulting in 70% of ServiceNow implementations tested by AppOmni being potentially exposed to the public.

The cause of all the exposure, “is a combination of customer-managed ServiceNow ACL configurations and over-granting of permits to visiting users.” ACLs – access control lists – track permissions in the IT field.

The alleged incidents “could be used by a malicious character to extract information from records,” Security Researcher Aaron Costello wrote in the report.

Read More: https://threatpost.com/most-servicenow-instances-misconfigured-exposed/178827/