Since 2023, users of a cloud application platform have been inadvertently exposing sensitive data due to logical errors in the service
As of 17 Sep 2024, according to one cybersecurity lab, private data belonging to users of the ServiceNow platform is being exposed on the Web through applications that are misconfigured for general public access.
ServiceNow is used by numerous large corporations to manage IT services and processes — for example, to set up systems that define, manage, automate and structure IT services.
However, because corporate users can misconfigure the service’s Knowledge Bases (KB — self-service platforms on which users store, share, and manage content), about 1,000 of the system’s applications have been making their information accessible to the public since April 2023.
This can include information such as internal company documentation for staff about how to reset company passwords; how to respond to a cyberattack; where employees can find certain company information; data related to HR processes, and other sensitive information. Actual data found exposed on the web includes names, phone numbers, internal system details, and active credentials to ‘live’ company systems.
In many of the cases, organizations that run more than one instance of ServiceNow were observed to have misconfigured KB access controls consistently across each one. This could indicate a systematic misunderstanding of KB access controls, or possibly the accidental replication of one instance’s poor controls to another through cloning. The data exposed in these instances was of a kind the affected organizations consider sensitive, such as personally identifiable information, internal system details, and active credentials/tokens to live production systems.
Obviously, cybercriminals can use this type of information to launch attacks against various organizations’ networks, steal database information, or effectively live inside a company’s systems, setting traps and collecting intel for future attacks.
According to Aaron Costello, Chief of SaaS Security Research at AppOmni Labs, the firm that disclosed the findings: “This is critical for organizations that use ServiceNow to know about, because it can lead to the exposure of sensitive information such as PII, internal system information, and active credentials. This highlights the urgent need for enterprises to routinely check and update their security configurations to prevent unauthorized access and protect their data assets. Understanding these issues and how to mitigate them is essential for maintaining robust security in enterprise SaaS environments.”