Enterprise ServiceNow Knowledge Bases at Risk
Read the blog to learn about ServiceNow’s Knowledge Base data exposure risks and how to mitigate these issues.
Thousands of orgs at risk of ServiceNow KB data leaks
Security researchers say that thousands of companies are potentially leaking secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations. Aaron Costello and Dan Meged, of the AppOmni and Adaptive Shield security shops respectively, separately published their findings this week, concluding that pages set to "private" could still be read by tinkering with a ServiceNow customer's KB widgets. These widgets are essentially containers of information used to construct the pages in KB articles. These can include page elements that allow users to leave feedback on articles, either through star ratings or comments, for example.
Threat Actors Capitalize On ServiceNow Vulnerability
Cyble observes how Dark Web forums reveal ServiceNow users falling victim to a Remote Code Execution vulnerability, which exposes sensitive data & escalates risks across sectors.