- Company has pushed a security update to hosted customers after detecting anomalous activity and said some customers experienced successful queries against instance tables.
American software giant ServiceNow said it has addressed a security incident that allowed unauthenticated users, in certain circumstances, to access customer instances beyond intended permissions.
The company confirmed it pushed a security update to hosted customers after detecting anomalous activity and said some customers experienced successful queries against instance tables.
In customer notifications seen by users, ServiceNow said the issue affected organisations on its Australia platform release or those that made specific configuration changes on earlier releases.
The company has begun notifying customers where successful queries were observed and is continuing to assess the scope of impact. ServiceNow has not specified what types of data may have been exposed.
Unauthorised access
Users on a ServiceNow-focused Reddit forum alleged the company may have known about the vulnerability since at least April 7. One user claimed that after alerting ServiceNow’s support, agents initially suggested closing the case before internal problem records indicated prior awareness. ServiceNow has not publicly confirmed these claims and is still evaluating whether to publish a CVE for the issue.
The incident follows recent security findings involving ServiceNow platforms. Earlier this year, researchers detailed “BodySnatcher,” a vulnerability affecting the company’s Virtual Agent API and Now Assist AI Agents, and in 2023 separate research highlighted a flaw that could have enabled unauthorised access.
ServiceNow advised affected customers to review logs for unusual queries, validate configurations—particularly on the Australia release—rotate credentials and API tokens, and tighten access controls while monitoring for further guidance.




