“This vulnerability was comparatively easy to exploit, and required only minimal table access, such as a weak user account within the instance or even a self-registered anonymous user, which could bypass the need for privilege elevation and resulted in sensitive data exposure,” said Varonis in its blog.
It isn’t aware of any cases where this vulnerability was exploited before ServiceNow issued the patch in May. Varonis warned ServiceNow about the hole, dubbed Count(er) Strike, in February, 2024.
Platform can hold large amount of sensitive data
A cloud-based platform, ServiceNow offers a range of capabilities including IT service management, IT operations management, customer service management, human resources service delivery, governance, risk, and compliance, healthcare and life sciences service management and more, meaning it can store a wide range of sensitive personal data.