Many organizations I meet with use ServiceNow as their ticketing system. A vulnerability due to misconfigurations have been posted that can expose sensitive information to unauthorized remote users. This can be devastating for a security operation center and needs to be addressed. You can learn more about this risk from thehackernews article found HERE. Know that since the cat is out of the bag, it is very likely threat actors will learn about this and attempt to exploit it.
These are the steps from thehackernews article regarding remediation of this risk.
Remediation Steps
Published by ServiceNow in their knowledge base article – General Information | Potential Public List Widget Misconfiguration, the exposure assessment and remediation measures include:
- Review Access Control Lists (ACLs) that either are entirely empty or, alternately, contain the role “Public”
- Review public widgets and set the “Public” flag to false where it is not aligned with their use cases
- Consider using stricter access control measures using built-in controls offered by ServiceNow, such as IP Address Access Control or Adaptive Authentication
- Consider installing ServiceNow Explicit Roles Plugin. ServiceNow states that the plugin prevents external users from accessing internal data and instances using this plugin are not affected by this issue (the plugin ensures that every ACL declares at least one role requirement)
These recommended remediation steps can still be utilized for organizations that are exposed (even after the fix) as it’s worth double checking to ensure top security throughout the organization.