October 30, 2023 at 08:12AM
ServiceNow recently announced that misconfigurations within its platform could lead to unintended access to sensitive data. This is a major concern for organizations that use ServiceNow, as it could result in data leakage. ServiceNow has taken steps to address the issue. The article provides detailed analysis, explains the consequences, and offers remediation steps for organizations.
– ServiceNow announced a security issue on its platform that could lead to unintended access to sensitive data.
– The issue was caused by misconfigurations within the platform, specifically in the Simple List widget, allowing unauthenticated users to remotely access sensitive data stored in tables.
– These misconfigurations have been in place since 2015 but were only recently discovered.
– ServiceNow has taken steps to fix the issue, but organizations are advised to double-check their exposure.
– Remediation steps recommended by ServiceNow include reviewing Access Control Lists (ACLs), reviewing public widgets, considering stricter access control measures, and installing the ServiceNow Explicit Roles Plugin.
– Organizations can use a SaaS Security Posture Management (SSPM) solution like Adaptive Shield to gain visibility into ServiceNow configurations and remediate any issues.
– SSPMs can alert security teams to high-risk configurations, helping to prevent data leakage and improve security posture.
– Interested readers can request a demo of Adaptive Shield for an app assessment.
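
The ACL and public-widget review from the remediation steps above, sketched as an added example that is not ServiceNow's or the article's own tooling. It runs offline over a constructed export; the record layout, field names, sample rows and the "no role, condition or script" test are assumptions made for illustration.

```python
# Added example: offline review of records exported from a ServiceNow instance.
# The export layout and field names are assumed; every sample row is constructed.
ACLS = [  # constructed read ACLs, each with the roles attached to it
    {"name": "incident", "operation": "read", "active": True,
     "roles": ["itil"], "condition": "", "script": ""},
    {"name": "u_customer_record", "operation": "read", "active": True,
     "roles": [], "condition": "", "script": ""},
    {"name": "kb_knowledge", "operation": "read", "active": True,
     "roles": [], "condition": "workflow_state=published", "script": ""},
    {"name": "u_legacy", "operation": "read", "active": False,
     "roles": [], "condition": "", "script": ""},
]
WIDGETS = [  # constructed portal widget records
    {"id": "simple-list", "public": True, "roles": []},
    {"id": "form", "public": False, "roles": []},
    {"id": "u-status-banner", "public": True, "roles": ["snc_internal"]},
]

def unrestricted_acls(acls):
    """Names of active ACLs that require no role, condition or script."""
    return sorted(
        a["name"] for a in acls
        if a["active"]
        and not a["roles"]
        and not a["condition"].strip()
        and not a["script"].strip()
    )

def public_widgets(widgets):
    """Ids of widgets marked public that carry no role restriction."""
    return sorted(w["id"] for w in widgets if w["public"] and not w["roles"])

def review(acls, widgets):
    """Build the findings list a reviewer would triage."""
    tables = unrestricted_acls(acls)
    exposed = public_widgets(widgets)
    findings = [("acl", t, "no role, condition or script") for t in tables]
    findings += [("widget", w, "public without roles") for w in exposed]
    # Highest concern: a public widget exists while some table ACL is unrestricted.
    return {"findings": findings, "urgent": bool(tables and exposed)}

if __name__ == "__main__":
    report = review(ACLS, WIDGETS)
    for kind, name, why in report["findings"]:
        print(f"{kind:7} {name:22} {why}")
    print("urgent:", report["urgent"])
```

Inactive ACLs and ACLs gated by a condition are deliberately not flagged here; a real review would still read those conditions by hand.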