Security researchers Aaron Costello and Dan Meged warn that thousands of organizations may be unintentionally exposing sensitive internal knowledge base articles due to misconfigurations in ServiceNow.
Meged conservatively estimates that about 30 percent of ServiceNow customers may be exposing sensitive information like passwords through faulty configurations, leaving data at risk.
After analyzing over 1,000 ServiceNow instances, Costello found that 45 percent of these systems expose data publicly, highlighting a significant configuration vulnerability.
It's crucial for organizations to ensure their knowledge bases and pages are correctly set to 'private' to prevent unauthorized access and protect sensitive information.
[
Collection
]
[
|
...
]