Cyber
ID 56153101 © Flynt | Dreamstime.com

In a nutshell: ServiceNow’s unauthenticated API flaw exposed enterprise data including IT tickets, credentials, and employee records. The company patched it silently, then hid the advisory behind a login wall. If you run ServiceNow for ITSM, HR, or supply chain workflows, this is your problem.

About three weeks ago, someone queried your ServiceNow instance without a password, without a token, without any credential at all, and ServiceNow decided you didn’t need to know about it right away.

In early ...

Daily News from £12 / mo  ·  includes Daily News

Comment on this article


You must be logged in to post a comment.