Data Security

Misconfigurations Lead to ServiceNow KB Data Leaks

Misconfigured access controls have unintentionally leaked sensitive data from over 1,000 ServiceNow knowledge bases used by enterprises to store and share information in the form of articles, according to SC Media.

Organizations commonly had at least two unsecured ServiceNow KB instances that resulted in the exposure of personally identifiable information, live production systems' active credentials or tokens, and internal system data, an analysis from AppOmni revealed.

Meanwhile, articles in KBs were noted by Adaptive Shield to have possibly been exposed via ServiceNow's widgets tool, which could be exploited to evade established security controls.

"To remediate this issue, ServiceNow admins must set their 'Can Read' user criteria to non-public and add 'guest user' and 'any user' to 'Cannot Read' to prevent access to this content through a widget. In addition, they must set all public pages to private." Mounting security risks from the inadvertent exposure of KB articles have already prompted ServiceNow to actively address KB misconfigurations among its customers.