“This vulnerability was comparatively easy to use, and required solely minimal desk entry, equivalent to a weak person account throughout the occasion or perhaps a self-registered nameless person, which might bypass the necessity for privilege elevation and resulted in delicate knowledge publicity,” mentioned Varonis in its weblog.
It isn’t conscious of any instances the place this vulnerability was exploited earlier than ServiceNow issued the patch in Might. Varonis warned ServiceNow concerning the gap, dubbed Rely(er) Strike, in February, 2024.
Platform can maintain large quantity of delicate knowledge
A cloud-based platform, ServiceNow gives a variety of capabilities together with IT service administration, IT operations administration, customer support administration, human assets service supply, governance, threat, and compliance, healthcare and life sciences service administration and extra, which means it may retailer a wide-range of delicate private knowledge.
