Arctic Wolf has published its recommendations on the maintenance actions that ServiceNow customers should take after the US software company on 20 October issued a fix for a potential misconfiguration issue.
The issue, first revealed by security researcher Aaron Costello, lies in the Access Control Lists (ACL) within ServiceNow that if misconfigured, could result in unauthenticated threat actors being able to access data.
In public instances of ServiceNow portals, if an Access Control List (ACL) is configured with no role, no condition, and no script a threat actor could abuse the SimpleListWidget (a ServiceNow widget that is set to public without any roles defined by default) to read specific tables that could include sensitive data.
Arctic Wolf says that is aware that ServiceNow has been contacting some of their customers about proactive maintenance actions taken to remediate this issue and its recommendations for fixing the issue and securing their instance of ServiceNow are here: https://arcticwolf.com/resources/blog/data-exposure-misconfiguration-issue-in-servicenow/