ServiceNow Addresses API Flaw Exposing Customer Data
ServiceNow has patched an API vulnerability that allowed unauthenticated access to customer data, primarily affecting older or custom-configured instances. While the exact data type accessed remains undisclosed, the flaw enabled querying of sensitive enterprise tables. Admins are advised to check logs for suspicious activity related to the affected API.
Key points
- ServiceNow has fixed an API flaw that could permit unauthorized access to customer data.
- The issue primarily impacted instances on the Australia release or older versions with custom configurations.
- The vulnerability allowed attackers to query customer instance tables, which can contain sensitive enterprise information.
- ServiceNow applied a fix on June 5, 2024, limiting the API endpoint to authenticated users only.
- Admins are urged to review logs for requests to the affected API endpoint, particularly those from the IP address 51.159.98.241.
- The company has not revealed the specific types of data that may have been accessed.
Cloud IT services company ServiceNow has resolved a security vulnerability that enabled unauthorized access to customer data. The flaw, in an API endpoint, allowed unauthenticated callers to obtain broader access within ServiceNow instances than intended. The company stated that a fix was deployed on June 5, 2024, by reconfiguring the API endpoint to restrict access to authenticated users only.
While ServiceNow confirmed that attackers exploited this issue to query customer instance tables, the specific nature of the data accessed has not been disclosed. These tables commonly house sensitive enterprise information, including IT support records, employee details, internal documents, and system configurations. The company noted that the vulnerability primarily affected customers running the Australia release of its software or older versions with custom configurations. ServiceNow has advised administrators to examine their system logs for suspicious requests to /api/now/related_list_edit, particularly those originating from the IP address 51.159.98.241.
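The log review ServiceNow recommends can be scripted. The following is an added example, not ServiceNow's code or tooling: it scans access-log lines for requests to the /api/now/related_list_edit endpoint named in the advisory, ranks hits that came from the IP address 51.159.98.241 or that were served successfully with no authenticated user (the condition the June 5 fix closed), and returns them for triage. The log format is an assumption made for the example (timestamp, client IP, method, path, status, user), and the sample lines are constructed; a real instance's transaction-log export will need its own regular expression.

```python
import re
from dataclasses import dataclass

# Constructed sample log lines in an assumed format:
# <ISO timestamp> <client IP> <method> <path> <HTTP status> <authenticated user or "-">
# These are not real ServiceNow log records.
SAMPLE_LOG = """\
2024-06-03T10:12:01Z 51.159.98.241 GET /api/now/related_list_edit?sysparm_query=active%3Dtrue 200 -
2024-06-03T10:12:05Z 51.159.98.241 GET /api/now/related_list_edit?sysparm_table=sys_user 200 -
2024-06-03T10:13:40Z 198.51.100.7 GET /api/now/related_list_edit 200 alice
2024-06-03T10:15:00Z 203.0.113.9 GET /api/now/table/incident 200 bob
2024-06-03T10:16:22Z 198.51.100.22 POST /api/now/related_list_edit 401 -
"""

SUSPICIOUS_PATH = "/api/now/related_list_edit"  # endpoint named in the advisory
KNOWN_BAD_IP = "51.159.98.241"                  # source IP named in the advisory

# Assumed log layout; adjust the groups to match your own export.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<ip>\S+) (?P<method>[A-Z]+) (?P<path>\S+) "
    r"(?P<status>\d{3}) (?P<user>\S+)$"
)


@dataclass
class Finding:
    ts: str
    ip: str
    method: str
    path: str
    status: int
    user: str
    reasons: tuple


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def classify(rec):
    """Return the reasons a record deserves triage, or an empty tuple."""
    # Compare the path without its query string so parameters do not hide a hit.
    if rec["path"].split("?", 1)[0] != SUSPICIOUS_PATH:
        return ()
    reasons = ["related_list_edit request"]
    if rec["ip"] == KNOWN_BAD_IP:
        reasons.append("source IP named in advisory")
    # A 2xx/3xx response with no authenticated user is the pre-fix condition.
    if rec["user"] == "-" and rec["status"] < 400:
        reasons.append("served without an authenticated user")
    return tuple(reasons)


def triage(log_text):
    """Return Findings for suspicious lines, highest-priority first."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        reasons = classify(rec)
        if reasons:
            findings.append(Finding(**rec, reasons=reasons))
    # Stable sort: more reasons (known IP, unauthenticated success) rank higher.
    findings.sort(key=lambda f: -len(f.reasons))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.ts} {f.ip} {f.method} {f.path} {f.status} "
              f"user={f.user} :: {', '.join(f.reasons)}")
```

Run it against an exported log in place of SAMPLE_LOG; the entries at the top of the output are the ones to investigate first, since they combine the endpoint, the advisory's IP address, and a successful response with no authenticated user.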
Sources
The WireByte editorial team synthesises technology news from multiple primary sources, verifies the facts, and links every source. Articles are produced with AI assistance and reviewed under our editorial policy.