Cloud technology giant ServiceNow appears to have notified some of its enterprise customers that a software bug on its platform was allowing anyone on the internet to access their data.
A knowledge base article, which ServiceNow has hidden behind a login wall but which has been shared on Reddit, says the company on June 5 patched some customer instances to fix a bug that had allowed unauthenticated users to “achieve higher entry” to ServiceNow-hosted data than intended.
The bug potentially allowed anyone to obtain data stored in customer instances without requiring credentials, such as a password.
It’s not clear who had improper access to ServiceNow customers, what data was accessed or taken, or if any group was involved. Given that the security incident appears to stem from a data-exposing bug, it’s unclear if customers could have protected themselves from improper access.
ServiceNow is a cloud computing giant that allows thousands of its enterprise customers to automate their internal business processes. Companies use the tech giant’s platform to build workflows that connect to various apps and databases, such as IT and HR systems, which can be used to automatically handle repeat tasks, like onboarding employees, resolving tech support tickets, and for chatbots.
As such, companies like ServiceNow are high-value targets for hackers thanks to the amount of sensitive data that they store, such as customer support tickets, which can include passwords, keys and credentials.
ServiceNow said the issue relates to Australian customer instances, but several people on Reddit who are not located in Australia say they have identified evidence of external access to their ServiceNow instances. Network defenders shared an IP address, 51.159.98.241, said to be an indicator of potential compromise if found in a customer’s logs.
A spokesperson for ServiceNow did not immediately return TechCrunch’s email requesting comment and seeking answers on how many customers are affected, or how long the bug had exposed the data.