Most ServiceNow Instances Misconfigured, Exposed

Customers aren’t locking down access correctly, leading to ~70 percent of ServiceNow implementations being vulnerable to malicious data extraction.

Nearly 70 percent of ServiceNow implementations are vulnerable to malicious data extraction.

Nearly 70 percent of instances of the software-as-a-service (SaaS) platform ServiceNow are potentially exposed to the public.

ServiceNow is a $4.5 billion company whose software helps enterprises with their digital workflows. According to a report published Wednesday by Enlyft, over 20,000 companies use the platform.

The cause of the exposure, the report stated, is “a combination of customer-managed ServiceNow ACL configurations and overprovisioning of permissions to guest users.” ACLs – access control lists – are the rules that define which users or roles may access which records in an IT environment.

Exposed instances “may be utilized by a malicious actor to extract data from records,” Offensive Security Researcher Aaron Costello wrote in the report.

Human Error Leads to Data Exposure

Organizations typically use role-based access control (RBAC) to determine which users can access which resources within a system. Users can see, and possibly interact with, whatever is relevant to their role and are barred from everything else.
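The two failure modes the report names, ACL rules that require no role and rules that explicitly grant the guest role, can be audited with a small script. The following is an added example, not code from the report or from ServiceNow; it uses a simplified rule model (table, operation, roles required) that is an assumption, not ServiceNow's actual ACL engine, and the sample rules are constructed.

```python
from dataclasses import dataclass
from typing import Dict, FrozenSet, List

# Assumption: an unauthenticated guest holds only the "public" role.
GUEST_ROLES: FrozenSet[str] = frozenset({"public"})


@dataclass(frozen=True)
class AclRule:
    """Simplified ACL: who may perform `operation` on `table` (assumed model)."""
    table: str
    operation: str          # "read", "write", "create" or "delete"
    roles: FrozenSet[str]   # roles required; an empty set means no role is needed


def rule_passes(rule: AclRule, user_roles: FrozenSet[str]) -> bool:
    """A rule passes when it requires no role or the caller holds one of them."""
    return not rule.roles or bool(rule.roles & user_roles)


def exposed_tables(rules: List[AclRule], operation: str = "read",
                   user_roles: FrozenSet[str] = GUEST_ROLES) -> Dict[str, str]:
    """Map each table the given profile can reach for `operation` to the reason."""
    findings: Dict[str, str] = {}
    for rule in rules:
        if rule.operation != operation or rule.table in findings:
            continue
        if rule_passes(rule, user_roles):
            if not rule.roles:
                findings[rule.table] = "no role required"
            else:
                granted = ", ".join(sorted(rule.roles & user_roles))
                findings[rule.table] = "guest role explicitly granted: " + granted
    return findings


# Constructed sample rules, not taken from any real instance.
SAMPLE_RULES = [
    AclRule("incident", "read", frozenset({"itil"})),            # properly restricted
    AclRule("kb_knowledge", "read", frozenset()),                # misconfigured: open to all
    AclRule("sys_user", "read", frozenset({"public"})),          # guest overprovisioned
    AclRule("cmdb_ci", "read", frozenset({"admin"})),            # properly restricted
    AclRule("kb_knowledge", "write", frozenset({"knowledge_admin"})),
]

if __name__ == "__main__":
    for table, why in sorted(exposed_tables(SAMPLE_RULES).items()):
        print(f"{table}: {why}")
```

Running the script lists only the tables a guest can read, with the reason, so each finding maps directly to the rule that needs tightening.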

For public-facing companies, the general public plays into the RBAC picture. “One important aspect of RBAC,” the report noted, “is

Read More: https://threatpost.com/most-servicenow-instances-misconfigured-exposed/178827/