Thousands of ServiceNow KB Instances Expose Sensitive Corporate Data

September 18, 2024 at 01:42PM

ServiceNow’s enterprise knowledge bases (KBs) continue to expose sensitive corporate data despite the security improvements ServiceNow shipped last year. AppOmni’s research found that 45% of the instances it examined leaked internal data because of outdated configurations and misconfigured access controls. ServiceNow acknowledged the issue and identified changes, but protecting KBs has proved harder than the rest of the platform because of how read access is granted to internal and external users.

Key takeaways from the research:

– Despite the improvements, 45% of the ServiceNow instances examined still leak sensitive KB data because of outdated configurations and misconfigured access controls.
– The security updates ServiceNow introduced to stop unauthenticated users from reading data did not fully cover KBs: certain properties and security attributes were left unchanged, and most KBs are secured with a feature called User Criteria rather than with ACLs.
– Many organizations struggle to lock down KBs and keep insecure KB security properties that allow public access by default. Administrators may not realise which User Criteria in a KB configuration grant access to unauthenticated users, so external users end up with read access.
– ServiceNow is not alone: other SaaS vendors, Microsoft among them, have seen similar KB data leaks. Organizations need to take responsibility for securing their own KBs rather than relying solely on the vendor.

Suggested mitigations: run regular diagnostics of KB access controls; use business rules to deny unauthenticated access to KB content by default; know which security properties govern KB visibility; and stay in contact with ServiceNow and other SaaS providers so that security updates are applied promptly.
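As an added diagnostic example (not code from the AppOmni article or from ServiceNow), the script below implements the "regular diagnostics of KB access controls" idea: it walks exported kb_knowledge_base and user_criteria records and flags knowledge bases whose read criteria would admit an unauthenticated guest. The record shapes mirror what the Table API returns (list fields as comma-separated sys_ids). The field names, the rule that an empty Can Read list means everyone can read, the rule that Cannot Read overrides Can Read, and the sample records are assumptions constructed for this example; check them against your instance's dictionary before relying on the output.

```python
"""Flag ServiceNow knowledge bases whose read User Criteria admit guest users.

Added example, not part of the AppOmni article or ServiceNow's own code.
Assumptions (all labelled, verify against your instance):
  - kb_knowledge_base carries list fields can_read_user_criteria and
    cannot_read_user_criteria as comma-separated sys_ids (Table API style).
  - user_criteria carries roles/groups/users/companies plus an 'advanced'
    flag and script; a criterion with none of these matches everyone.
  - An empty Can Read list means any user, guest included, can read.
  - Cannot Read criteria take precedence over Can Read criteria.
"""
import json

# Constructed sample data shaped like /api/now/table/<table> responses.
USER_CRITERIA_JSON = """{"result": [
  {"sys_id": "c1", "name": "Any User", "roles": "", "groups": "", "users": "",
   "companies": "", "advanced": "false", "script": ""},
  {"sys_id": "c2", "name": "ITIL staff", "roles": "itil", "groups": "", "users": "",
   "companies": "", "advanced": "false", "script": ""},
  {"sys_id": "c3", "name": "Logged-in only", "roles": "", "groups": "", "users": "",
   "companies": "", "advanced": "true",
   "script": "answer = gs.getSession().isLoggedIn();"}
]}"""

KB_JSON = """{"result": [
  {"sys_id": "kb1", "title": "Public FAQ",
   "can_read_user_criteria": "c1", "cannot_read_user_criteria": ""},
  {"sys_id": "kb2", "title": "Internal IT runbooks",
   "can_read_user_criteria": "c2", "cannot_read_user_criteria": ""},
  {"sys_id": "kb3", "title": "HR policies",
   "can_read_user_criteria": "", "cannot_read_user_criteria": ""},
  {"sys_id": "kb4", "title": "Vendor contracts",
   "can_read_user_criteria": "c3", "cannot_read_user_criteria": ""},
  {"sys_id": "kb5", "title": "Legacy KB",
   "can_read_user_criteria": "c1", "cannot_read_user_criteria": "c1"}
]}"""

# Membership fields that, when non-empty, restrict who a criterion matches.
RESTRICTING_FIELDS = ("roles", "groups", "users", "companies")


def load_table(raw):
    """Return the record list from a Table API style JSON document."""
    return json.loads(raw)["result"]


def split_list(value):
    """Turn a comma-separated list field into a list of sys_ids."""
    return [v for v in value.split(",") if v]


def matches_everyone(criterion):
    """True when a criterion has no membership conditions and no script.

    Advanced (scripted) criteria are treated as restricting because their
    logic cannot be evaluated offline; review those by hand.
    """
    if criterion.get("advanced") == "true":
        return False
    return not any(criterion.get(field) for field in RESTRICTING_FIELDS)


def find_exposed_kbs(kb_records, criteria_records):
    """Return (title, reason) pairs for KBs readable by unauthenticated users."""
    by_id = {c["sys_id"]: c for c in criteria_records}
    findings = []
    for kb in kb_records:
        can_read = split_list(kb["can_read_user_criteria"])
        cannot_read = split_list(kb["cannot_read_user_criteria"])
        if not can_read:
            findings.append((kb["title"], "no Can Read criteria: readable by everyone"))
            continue
        # A matches-everyone criterion in Cannot Read blocks guest regardless
        # of Can Read (assumed precedence rule).
        if any(matches_everyone(by_id[c]) for c in cannot_read if c in by_id):
            continue
        open_names = [by_id[c]["name"] for c in can_read
                      if c in by_id and matches_everyone(by_id[c])]
        if open_names:
            findings.append((kb["title"],
                             "Can Read grants everyone via: " + ", ".join(open_names)))
    return findings


if __name__ == "__main__":
    for title, reason in find_exposed_kbs(load_table(KB_JSON),
                                          load_table(USER_CRITERIA_JSON)):
        print(f"EXPOSED  {title}: {reason}")
```

In practice you would fetch the two tables with an authenticated GET to /api/now/table/kb_knowledge_base and /api/now/table/user_criteria and pass the JSON bodies to load_table(). Scripted criteria are deliberately reported as restricting rather than open, so a KB guarded only by a script that happens to return true for guest would not be caught; list those separately and read the scripts.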
