ServiceNow Data Exposure: A Wake-Up Call for Companies

October 30, 2023

Earlier this week, ServiceNow announced on its support site that misconfigurations within the platform could result in "unintended access" to sensitive data. For organizations that use ServiceNow, this security exposure is a serious concern that could have resulted in major leakage of sensitive corporate data. ServiceNow has since taken steps to address this issue.

This article fully analyzes the issue, explains why this critical application misconfiguration could have had serious implications for organizations, and describes the remediation steps companies would need to take, if not for the ServiceNow fix. (It is still recommended to double check that the fix has closed the organization's exposure.)

In a Nutshell

ServiceNow is a cloud-based platform used for automating IT service management, IT operations management, and IT business management for customer service, as well as HR, security operations, and a wide range of additional domains. This SaaS application is considered one of the top business-critical applications because of its infrastructural nature, its extensibility as a development platform, and its access to private and proprietary data across the organization.


Simple List is an interface widget that pulls data stored in tables and uses it in dashboards. The default configuration for Simple List allows the data in those tables to be accessed remotely by unauthenticated users. These tables contain sensitive data, including content from IT tickets, internal classified knowledge bases, employee details, and more.

These misconfigurations have actually been in place since the introduction of Access Control Lists in 2015. To date, there have been no reported incidents as a result. However, considering the recent publication of the data leakage research, leaving it unresolved could have exposed companies more than ever.

This exposure was the result of just one default configuration, and there are hundreds of configurations covering access control, data leakage, malware protection, and more that need to be secured and maintained. Companies using an SSPM (SaaS Security Posture Management) solution, like Adaptive Shield, can more easily identify risky misconfigurations and see whether they are compliant or non-compliant (see Graphic 1 below).


Inside the ServiceNow Misconfigurations

It is important to reiterate that this issue was not caused by a vulnerability in ServiceNow's code but by a configuration that exists within the platform.

This issue stems from the security controls on a ServiceNow Access Control List (ACL) widget called Simple List, which puts data into easily readable tables. These tables manage information from multiple sources and have configurations with a default setting of Public Access.

Because these tables are the core of ServiceNow, the issue was not contained within a single location that could be fixed. It needed to be remediated in multiple areas within the application in combination with the use of the UI widget, and across all tenants. Further complicating the issue, changing a single setting could break existing workflows tied to the Simple List tables, causing severe disruption of current processes.

Remediation Steps

Published by ServiceNow in its knowledge base article – General Information | Potential Public List Widget Misconfiguration, the exposure assessment and remediation steps include:

  • Review Access Control Lists (ACLs) that are either completely empty or, alternately, contain the role "Public"
  • Review public widgets and set the "Public" flag to false wherever it is not aligned with their use cases
  • Consider applying stricter access control measures using built-in controls offered by ServiceNow, such as IP Address Access Control or Adaptive Authentication
  • Consider installing the ServiceNow Explicit Roles Plugin. ServiceNow states that the plugin prevents external users from accessing internal data, and instances using this plugin are not affected by this issue (the plugin ensures that every ACL declares at least one role requirement)
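The first two review steps above (empty or "Public" ACLs, and widgets with the "Public" flag set) are mechanical enough to script. The following is an added example, not code from ServiceNow, Adaptive Shield or the original article: an offline audit that runs over exported records shaped like the ServiceNow tables `sys_security_acl` (the ACL itself), `sys_security_acl_role` (the ACL-to-role requirement mapping) and `sp_widget` (Service Portal widgets). The field names used for those tables, and the idea that an ACL with no role rows is unrestricted, are assumptions of this example; the sample rows are constructed. In a real instance the rows would come from an export or the Table API rather than being embedded.

```python
"""
Offline audit for the two review steps in ServiceNow KB1553688:
  1. ACLs with no role requirement at all (what the Explicit Roles
     plugin is described as preventing)
  2. ACLs that grant the "public" role
  3. Service Portal widgets whose "public" flag is true

Record shapes (field names) are ASSUMED to mirror the ServiceNow
tables sys_security_acl, sys_security_acl_role and sp_widget.
All sample rows below are CONSTRUCTED for illustration.
The audit only reports; it changes nothing, because the article
notes that flipping a setting can break live workflows.
"""
from collections import defaultdict
from dataclasses import dataclass

PUBLIC_ROLE = "public"


@dataclass
class Finding:
    kind: str    # "empty_acl", "public_acl" or "public_widget"
    name: str    # table/operation for ACLs, widget name for widgets
    detail: str


# Constructed sample: sys_security_acl rows (read ACLs on tables).
SAMPLE_ACLS = [
    {"sys_id": "acl1", "name": "incident", "operation": "read", "active": "true"},
    {"sys_id": "acl2", "name": "kb_knowledge", "operation": "read", "active": "true"},
    {"sys_id": "acl3", "name": "sys_user", "operation": "read", "active": "true"},
    {"sys_id": "acl4", "name": "old_table", "operation": "read", "active": "false"},
]

# Constructed sample: sys_security_acl_role rows (ACL -> required role).
# acl3 has no row at all, i.e. no role requirement.
SAMPLE_ACL_ROLES = [
    {"sys_security_acl": "acl1", "sys_user_role": "itil"},
    {"sys_security_acl": "acl2", "sys_user_role": "public"},
    {"sys_security_acl": "acl4", "sys_user_role": "public"},
]

# Constructed sample: sp_widget rows.
SAMPLE_WIDGETS = [
    {"sys_id": "w1", "name": "Simple List", "public": "true"},
    {"sys_id": "w2", "name": "Ticket Form", "public": "false"},
]


def audit_acls(acls, acl_roles):
    """Flag active ACLs that have no role requirement or grant 'public'.

    ACL role requirements are OR-ed, so an ACL listing 'public' next to
    other roles still lets unauthenticated users through; hence any
    occurrence of the role is a finding, not only a lone one.
    """
    roles_by_acl = defaultdict(set)
    for row in acl_roles:
        roles_by_acl[row["sys_security_acl"]].add(row["sys_user_role"].lower())

    findings = []
    for acl in acls:
        if acl.get("active", "true") != "true":
            continue  # inactive ACLs are not enforced; nothing to report
        label = f'{acl["name"]}/{acl["operation"]}'
        roles = roles_by_acl.get(acl["sys_id"], set())
        if not roles:
            findings.append(Finding("empty_acl", label, "no role requirement"))
        elif PUBLIC_ROLE in roles:
            findings.append(Finding("public_acl", label, "grants role 'public'"))
    return findings


def audit_widgets(widgets):
    """Flag widgets whose 'public' flag is set (review against use case)."""
    return [Finding("public_widget", w["name"], "public flag is true")
            for w in widgets if str(w.get("public", "")).lower() == "true"]


def run_audit(acls=SAMPLE_ACLS, acl_roles=SAMPLE_ACL_ROLES, widgets=SAMPLE_WIDGETS):
    """Combine both checks; returns a list of Finding objects."""
    return audit_acls(acls, acl_roles) + audit_widgets(widgets)


if __name__ == "__main__":
    for f in run_audit():
        print(f"[{f.kind}] {f.name}: {f.detail}")
```

On the constructed sample the audit reports three findings: the knowledge-base ACL that grants "public", the user-table ACL with no role requirement, and the Simple List widget with its public flag on. Each line is a review item for the owning team rather than an automatic change, which matches the article's caveat that a single setting change can disrupt existing workflows.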

These recommended remediation steps can still be applied by organizations that are exposed (even after the fix), as it is worth double checking to ensure tight security across the organization.


Automate Data Leakage Prevention for ServiceNow

Organizations that use a SaaS Security Posture Management (SSPM) solution, like Adaptive Shield, are able to gain visibility into ServiceNow's and any other SaaS app's configurations and remediate any configuration issue.

Graphic 1: Adaptive Shield dashboard with the compliance framework: ServiceNow KB1553688 – Public List Widget Misconfiguration

SSPMs alert security teams when there are high-risk configurations, enabling them to adjust their settings and prevent any kind of data leakage. In this way, organizations gain a better understanding of their company's attack surface, level of risk, and security posture.




Some pieces of this report are sourced from:
thehackernews.com
