Powered by MOMENTUM MEDIA
cyber daily logo
Breaking news and updates daily. Subscribe to our Newsletter

ServiceNow flaw may have left data exposed since 2015

A potential vulnerability in ServiceNow that could have left user data exposed for as long as eight years has been discovered by a cyber security expert.

user icon Daniel Croft
Wed, 18 Oct 2023
ServiceNow flaw may have left data exposed since 2015
expand image

Information security specialist Daniel Miessler posted on social media saying that a “potential data exposure issue” in the digital workflow management platform could have user data available for unauthenticated users to see.

============
============

Miessler said the issue, which could have been around since 2015, is due to a misconfiguration in the Simple List widget in ServiceNow’s system, a tool that allows for records to be viewed in easily readable tables.

“Their access control is not governed by ACLs, making them potentially overlooked during routine checks for public ACLs on non-record components,” Miessler continued.

The issue is likely to have exposed data from thousands of organisations, with information including names, email addresses, internal documents, incident details and attachment names potentially compromised, according to a colleague of Miessler.

Miessler said ServiceNow attempted to make Simple List more secure in March this year by modifying the JavaScript code, but the flaw still exists.

“The potential for data exposure still exists, especially for large-scale SaaS platforms that have any concept of public access to data,” he said.

Fellow researcher and cyber expert Aaron Costello has said that this is only proof that the vendor is aware of the issue.

At this stage, there is no indication that the exposed data has been used by threat actors; however, there is no conclusive evidence to say that it hasn’t been used maliciously either.

“There’s been no evidence of exploitation in the wild. However, [...] with this write-up, it’s likely to be attacked a lot more,” Miessler warned.

Miessler has advised that organisations can implement a number of security measures to mitigate the vulnerability and keep their data safe, including disabling public widgets, setting IP restrictions and securing ACLs.

For additional information on how to identify the issue and any attempts at exploitation, as well as a technical write-up of the vulnerability, head to Aaron Costello’s blog.

Daniel Croft

Daniel Croft

Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.

newsletter
cyber daily subscribe
Be the first to hear the latest developments in the cyber industry.