Security researchers from GreyNoise report a significant increase in attempts to exploit three year-old vulnerabilities in ServiceNow, highlighting urgent need for organizations to patch their systems. The flaws, first disclosed in May 2024 and patched by July 2024, have seen renewed activity, predominantly targeting companies in Israel, although there are incidents reported in Germany, Japan, and Lithuania. Notably, these vulnerabilities can be exploited in a way that compromises complete database access, putting sensitive employee information at risk. Despite the threat, ServiceNow has not confirmed any customer impacts thus far.
GreyNoise observed a notable resurgence of exploitation attempts targeting three year-old vulnerabilities in ServiceNow, highlighting an increased threat to unpatched systems.
The vulnerabilities, disclosed in May 2024, have been exploited to gain full database access to sensitive employee data on ServiceNow instances.
Collection
[
|
...
]