ServiceNow fixes API issue after reports of suspicious tenant activity
Summary
ServiceNow has addressed a vulnerability affecting an unauthenticated API endpoint that could expose tenant data. The issue was reported through the company's bug bounty program and customer discussions on Reddit about suspicious activity on their instances. ServiceNow has released security updates for hosted and self-hosted deployments.
IFF Assessment
This is bad news for defenders as a vulnerability existed that allowed unauthenticated access to sensitive tenant data in ServiceNow instances.
Defender Context
This incident highlights the importance of regularly patching cloud-based platforms and monitoring for suspicious activity, especially concerning API endpoints. Defenders should be aware of potential risks associated with misconfigurations or vulnerabilities in SaaS platforms like ServiceNow, which often store critical IT and security data.