Friday, April 4, 2025
HomeCyber Security NewsServiceNow Misconfigurations Lead to Leak of Sensitive Data

ServiceNow Misconfigurations Lead to Leak of Sensitive Data

Published on

SIEM as a Service

Follow Us on Google News

ServiceNow has been alerted to a potential misconfiguration concern that might impact the security of its platform. The company is actively addressing the issue and working towards a resolution.

The issue involves Access Control Lists (ACLs), which are used to control access to tables and columns on the platform. 

If an ACL is empty or does not have any roles, conditions, or scripts, it could allow unauthorized users, including guests, to access some resources.

ServiceNow has found that unauthenticated users have limited access to the platform and can only access some authorized pages. 

However, some public portal widgets, such as SimpleListWidget, can query data from the system. ServiceNow advises customers to follow these steps to check and fix their ACLs:

Check ACL Configurations

Customers should find ACLs that do not have any roles, conditions, or scripts.

If they do not want unauthenticated users to access those tables, they should add `gs.isLoggedIn()` to the script section of the ACLs. This will prevent unauthenticated users from accessing those tables through public portal widgets.

General Security Measures

ServiceNow recommends a thorough review of all ACLs, especially those that are empty or have the role “Public,” to make sure they match the business and security requirements.

Customers should also review their public widgets and disable the “Public” flag if they do not need them.

Customers should use IP Address Access Control to restrict access to their instances to only trusted IP addresses. Alternatively, they can use Adaptive Authentication policies to apply more fine-grained authentication control, allowing mobile access but limiting access to specific IP ranges and subnets.

Explicit Roles Plugin

Instances that use the Explicit Roles plugin are not affected by this issue. ServiceNow advises customers who use this plugin to check their ACLs that have the “public” role and review their User Criteria configurations.

ServiceNow stresses the importance of taking proactive security measures and urges customers to follow these steps to protect their instances.

The guidelines for assessing User Criteria can be located at KB1123580.

ServiceNow will continue to investigate the issue and provide updates and guidance as needed. Stay tuned for more information on this issue.

Protect yourself from vulnerabilities using Patch Manager Plus to patch over 850 third-party applications quickly. Try a free trial to ensure 100% security.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Secure Ideas Achieves CREST Accreditation and CMMC Level 1 Compliance

Secure Ideas, a premier provider of penetration testing and security consulting services, proudly announces...

New Phishing Campaign Targets Investors to Steal Login Credentials

Symantec has recently identified a sophisticated phishing campaign targeting users of Monex Securities (マネックス証券),...

UAC-0219 Hackers Leverage WRECKSTEEL PowerShell Stealer to Extract Data from Computers

In a concerning development, CERT-UA, Ukraine's Computer Emergency Response Team, has reported a series...

Hunters International Linked to Hive Ransomware in Attacks on Windows, Linux, and ESXi Systems

Hunters International, a ransomware group suspected to be a rebrand of the infamous Hive...

Supply Chain Attack Prevention

Free Webinar - Supply Chain Attack Prevention

Recent attacks like Polyfill[.]io show how compromised third-party components become backdoors for hackers. PCI DSS 4.0’s Requirement 6.4.3 mandates stricter browser script controls, while Requirement 12.8 focuses on securing third-party providers.

Join Vivekanand Gopalan (VP of Products – Indusface) and Phani Deepak Akella (VP of Marketing – Indusface) as they break down these compliance requirements and share strategies to protect your applications from supply chain attacks.

Discussion points

Meeting PCI DSS 4.0 mandates.
Blocking malicious components and unauthorized JavaScript execution.
PIdentifying attack surfaces from third-party dependencies.
Preventing man-in-the-browser attacks with proactive monitoring.

More like this

New Phishing Campaign Targets Investors to Steal Login Credentials

Symantec has recently identified a sophisticated phishing campaign targeting users of Monex Securities (マネックス証券),...

UAC-0219 Hackers Leverage WRECKSTEEL PowerShell Stealer to Extract Data from Computers

In a concerning development, CERT-UA, Ukraine's Computer Emergency Response Team, has reported a series...

Hunters International Linked to Hive Ransomware in Attacks on Windows, Linux, and ESXi Systems

Hunters International, a ransomware group suspected to be a rebrand of the infamous Hive...