ServiceNow quietly addresses unauthenticated data exposure flaw from 2015
October 26, 2023 at 04:32AM ServiceNow is issuing a fix for a vulnerability that allows unauthenticated attackers to steal sensitive files. The flaw involves default configurations of ServiceNow’s widgets, which can expose personal data. Despite previous code changes, the default configuration still sets widgets to return specified data, making them accessible to attackers. ServiceNow has … Read more