Security News > 2022 > March > Most ServiceNow Instances Misconfigured, Exposed
Nearly 70 percent of instances of the software-as-a-service platform ServiceNow are potentially exposed to the public.
The cause of all the exposure, the report stated, is "a combination of customer-managed ServiceNow ACL configurations and overprovisioning of permissions to guest users." ACLs - access control lists - track permissions in an IT environment.
Exposed instances "May be utilized by a malicious actor to extract data from records," Offensive Security Researcher Aaron Costello wrote in the report.
"One important aspect of RBAC," the report noted, "Is the ability to allow public access to information within your 'database,' which could be a forum, online shop, customer support site, or knowledge base. The challenge is ensuring the right level of access when organizations update or customize SaaS applications or onboard new users."
"Misconfigurations are common across major SaaS platforms," wrote the researchers, "Due to the complexity that inevitably comes with high levels of SaaS functionality, flexibility, and extensibility. Misconfigurations can happen during the initial implementation phase of a SaaS platform, when users or settings change, or as part of the regular cadence of SaaS updates that can impact current configurations."
The researchers found that nearly 70 percent of ServiceNow instances they tested were misconfigured, introducing the possibility that unauthorized users could steal sensitive information from enterprises that may not even realize they're vulnerable.
News URL
https://threatpost.com/most-servicenow-instances-misconfigured-exposed/178827/