(Article4_TM) Outside a VDI - a ServiceNow error message containing an IP address

Tanushree Maiti
Kilo Sage

2 hours ago - last edited 2 hours ago

Issue Statement: Outside a VDI, a ServiceNow error message containing an IP address usually indicates that the IP address of the machine (home network, public Wi-Fi) is not whitelisted in the instance's IP Address Access Control list or is being blocked by a corporate firewall or proxy.

 

Concern: Security team raised the concern that exposing machine ip address in the error message - its a security concern.

e.g if you hit following URL

https://<your _servicenow_instance>.service-now.com/nav_to.do?uri=%2Fknowledge.do

The server returns a generic HTTP 403 (Access Restricted) message, which may expose internal system behavior and facilitate enumeration or exploitation.

TanushreeMaiti_0-1770567571876.png

 

Current status: An Idea (by my Client ServiceNow id) has been raised if it can be fixed.

Please mark this response as Helpful & accept it as solution if it assisted you with your question.
Regards
Tanushree Maiti
ServiceNow Technical Architect
Linkedin:
0 Helpfuls
  • 119 Views
1 REPLY 1

Bert_c1
Kilo Patron

21m ago

That link fails in my instance, with: "

The page you are looking for could not be found."

0 Helpfuls