ServiceNow leak: thousands of companies at risk - is that correct?

MK21
Tera Contributor

Hi, 

 

Saw the news: ServiceNow leak: thousands of companies in trouble

https://cybernews.com/news/servicenow-leak-thousands-companies-risk/

 

ServiceNow published a KB article

 

https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1553688

 

I am dumb; can anyone tell me what action is required from us as instance admin?

 

Can anyone tell me the procedure or steps?


Sandeep Rajput
Tera Patron

@MK21 This article only applies to companies that have public portals (where unauthenticated users can access the portal pages) and that use the Simple List Widget to render data.

 

In that case, as an instance admin you need to verify the following.

 

1. Whether your instance has an ACL with an empty check for:

  1. Roles
  2. Conditions
  3. Script

If such an ACL exists, apply a gs.isLoggedIn() check in the ACL. This will ensure that unauthenticated users cannot read the tables in question via the SimpleListWidget or other public portal widgets.

 

Source: https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1553688
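The three-way ACL check above, as an added example that is not from this thread or from ServiceNow: a plain JavaScript audit over constructed ACL records, so it runs offline. It assumes the field names of sys_security_acl (name, operation, active, condition, script) and of the role mapping table sys_security_acl_role (sys_security_acl, sys_user_role); on an instance those rows would come from GlideRecord queries instead of the inline sample. It goes slightly beyond the post by also listing ACLs whose script exists but does not call gs.isLoggedIn(), for manual review.

```javascript
// Constructed sample rows (not real instance data) in the shape of
// sys_security_acl. Field names are assumptions, see lead-in.
const SAMPLE_ACLS = [
  { sys_id: 'a1', name: 'incident',       operation: 'read',  active: true,  condition: '',            script: '' },
  { sys_id: 'a2', name: 'sys_user',       operation: 'read',  active: true,  condition: '',            script: 'answer = gs.isLoggedIn();' },
  { sys_id: 'a3', name: 'cmdb_ci',        operation: 'read',  active: true,  condition: 'active=true', script: '' },
  { sys_id: 'a4', name: 'kb_knowledge',   operation: 'read',  active: true,  condition: '',            script: 'answer = current.workflow_state == "published";' },
  { sys_id: 'a5', name: 'incident',       operation: 'write', active: true,  condition: '',            script: '' },
  { sys_id: 'a6', name: 'sc_cat_item',    operation: 'read',  active: false, condition: '',            script: '' },
  { sys_id: 'a7', name: 'change_request', operation: 'read',  active: true,  condition: '',            script: '' },
];
// Constructed rows in the shape of sys_security_acl_role (m2m ACL -> role).
const SAMPLE_ACL_ROLES = [
  { sys_security_acl: 'a7', sys_user_role: 'itil' },
];

// The remediation the thread describes for an ACL with an empty script:
// an ACL script sets `answer`, so this denies any unauthenticated session.
const LOGGED_IN_CHECK = 'answer = gs.isLoggedIn();';

// Does the ACL script already gate on an authenticated session?
function scriptRequiresLogin(script) {
  return /gs\.isLoggedIn\s*\(\s*\)/.test(script || '');
}

// Apply the three-way test to active read ACLs:
//   open   - no roles, empty condition, empty script (needs LOGGED_IN_CHECK)
//   review - no roles, empty condition, a script that never calls gs.isLoggedIn()
// Returns table names so the result can be cross-checked against the
// tables the public widgets actually render.
function auditReadAcls(acls, aclRoles) {
  const withRoles = new Set(aclRoles.map(r => r.sys_security_acl));
  const candidates = acls.filter(a =>
    a.active &&
    a.operation === 'read' &&
    !withRoles.has(a.sys_id) &&
    !(a.condition || '').trim()
  );
  const open = candidates.filter(a => !(a.script || '').trim()).map(a => a.name);
  const review = candidates
    .filter(a => (a.script || '').trim() && !scriptRequiresLogin(a.script))
    .map(a => a.name);
  return { open, review };
}

console.log(auditReadAcls(SAMPLE_ACLS, SAMPLE_ACL_ROLES));
```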

 

Unfortunately, I believe that even if you do not have public portals or use the Simple List Widget to render data, your instance will still be impacted by this issue.

As long as the OOTB Simple List Widget is still set to Public and your instance has vulnerable ACLs, you will be able to do an API call to widget-simple-list to retrieve data from affected tables without authenticating.

 

https://www.enumerated.ie/index/servicenow-data-exposure 

@wclim Thanks for sharing the further insights.

dhravesh
Tera Contributor

You can refer to the article below and use the Python script to identify vulnerable tables.

https://www.linkedin.com/posts/dhravesh_servicenowsecurity-dataprotection-cybersecurity-activity-712...