Possible ServiceNow Data Vulnerability: How CDI Can Help
ServiceNow Vulnerability Due to Misconfiguration Issue:
ServiceNow has acknowledged recent publications describing a potential misconfiguration issue that could result in unintended access and is actively investigating the reports. CDI can help you take the following steps to further secure customer instances:
- Review Access Control Lists (ACLs) that contain the role “Public” to determine whether the assigned role is necessary for your use cases.
- Review public widgets and consider setting the “Public” flag to false if they do not align with your use cases.
- Apply IP Address Access Control within your instance to limit access to your instance to only known, trusted IP Addresses.
The CDI team is available to assess your risk, identify existing issues, and provide remediation if needed. Please reach out to your ServiceNow Account Manager or the form below if you’re interested in an assessment.