Warning to ServiceNow admins: Fix your access control lists now


“This vulnerability was relatively simple to exploit, and required only minimal table access, such as a weak user account within the instance or even a self-registered anonymous user, which could bypass the need for privilege elevation and resulted in sensitive data exposure,” said Varonis in its blog. 

Varonis isn’t aware of any cases in which this vulnerability was exploited before ServiceNow issued the patch in May. It warned ServiceNow about the hole, dubbed Count(er) Strike, in February 2024.

Platform can hold huge amount of sensitive data

A cloud-based platform, ServiceNow offers a wide range of capabilities, including IT service management; IT operations management; customer service management; human resources service delivery; governance, risk, and compliance; healthcare and life sciences service management; and more, meaning it can store a wide range of sensitive personal data.
