Posted on behalf of Myke Lyons, Director of Field Security, ServiceNow:
Earlier this week a security researcher publicly disclosed a vulnerability in the OpenSSL software package. The issue is commonly referred to as the Heart Bleed vulnerability (CVE-2014-0160). Exploitation of this vulnerability is trivial and will allow an attacker to read memory of systems using OpenSSL, which can ultimately result in the compromise of the secret keys, allowing attackers to compromise encrypted traffic (from memory) protected by OpenSSL.
ServiceNow conducted an extensive review of our Customer Instances and at this time we have determined that they are not vulnerable to this issue.
ServiceNow Security will continue to closely monitor the situation.
If any additional information is required of ServiceNow, please contact Customer Support.
For more information related to the bug please visit CVE - CVE-2014-0160
