ServiceNow leak: thousands of companies at risk

Carding 4 Carders

ServiceNow and their "small" vulnerability from 2015.

A cybersecurity expert warns that a data-exposure flaw has been identified in the ServiceNow digital business platform that puts the platform's customers at risk.

ServiceNow is a cloud-based platform designed to automate business workflows. It helps organizations improve and optimize service processes, incident management, change management, and other IT services, and provides tools for automating work tasks in other departments, such as HR, customer service, and security.

"A potential data leak issue in the built-in ServiceNow function has been identified," Daniel Miessler said in a post on X. "The vulnerability allows unauthorized users to extract data from records."


Data such as names, email addresses, and internal documents may have been exposed, according to a colleague of Miessler's cited by the Times, and "thousands of companies" may have been affected.

Miessler believes the weak point is a misconfiguration in a ServiceNow component, or widget, called Simple List, which renders table records as an easily readable list.

Moreover, this flaw has existed since the Simple List component was introduced in 2015. So far, Miessler says, there is no evidence that attackers have exploited it, although that does not necessarily mean it has not happened.

"There is no evidence of exploitation in the wild. However, [...] after this publication, the likelihood of attacks will rise significantly," he added wryly.

To mitigate the problem, Miessler strongly recommends that organizations restrict inbound traffic by IP address, disable public widgets, or harden their access control lists (ACLs) with a plugin.

Miessler's post appears to be based on a more detailed report by fellow security researcher Aaron Costello, which he referenced in his thread on X.