“This vulnerability was comparatively easy to take advantage of, and required solely minimal desk entry, corresponding to a weak consumer account throughout the occasion or perhaps a self-registered nameless consumer, which might bypass the necessity for privilege elevation and resulted in delicate knowledge publicity,” stated Varonis in its weblog.
It isn’t conscious of any circumstances the place this vulnerability was exploited earlier than ServiceNow issued the patch in Could. Varonis warned ServiceNow concerning the gap, dubbed Rely(er) Strike, in February, 2024.
Platform can maintain big quantity of delicate knowledge
A cloud-based platform, ServiceNow presents a variety of capabilities together with IT service administration, IT operations administration, customer support administration, human assets service supply, governance, threat, and compliance, healthcare and life sciences service administration and extra, that means it may well retailer a wide-range of delicate private knowledge.
