ServiceNow ACL Misconfiguration Assessment
The AO Labs team is committed to the discovery and mitigation of novel threat vectors to the most business-critical SaaS platforms before bad actors strike. We often discover insecure configurations that can lead to inadvertent data exposures.
As part of our regular, proactive security reviews of the SaaS applications we support, AppOmni Offensive Security Researcher Aaron Costello discovered a common misconfiguration impacting ServiceNow customers: ServiceNow external interfaces exposed to the public that may inadvertently expose sensitive personal information.
This research and analysis highlighted that close to 70 percent of ServiceNow instances we evaluated are prone to data exposure, including Personal Identifiable Information (PII), to unauthenticated users. The root causes for data exposure are a combination of ServiceNow Access Control List (ACL) configurations and over provisioning of permissions to guest users – both of which are managed by customers, not ServiceNow.
You can find additional details about this misconfiguration in our technical paper:
Check Your Configurations
AppOmni has developed a web application, the SaaS Security Analyzer, to evaluate ServiceNow instances for public data exposure. To take advantage of this offering, simply fill out the form and our team will begin the request approval process. This process includes confirming that you are associated with the ServiceNow instance in your request. Once approved, we will evaluate your ServiceNow instance and notify you promptly of the results. No data is exposed in this evaluation.
Results will be disclosed only to the individual requestor through secure channels.
Disclaimer: AppOmni’s SaaS Security Analyzer evaluates a limited subset of the ServiceNow data that may be publicly available. For a more detailed evaluation of your ServiceNow posture and potential risk, please request an AppOmni Risk Assessment.
A free, comprehensive AppOmni Risk Assessment analyzes your entire ServiceNow instance. After the Risk Assessment, you’ll receive an AppOmni ServiceNow findings report with information on:
- Publicly-exposed data
- Data with limited or no restrictions
- External users with over-privileged access to data
- Over-provisioned admin users/roles
- 3rd-party applications connected to your ServiceNow instance
- Security configurations that don’t adhere to best practices
If you’re interested in learning more or have questions about the SaaS Security Analyzer, please email [email protected] and we’ll get in touch with you.
Request your ServiceNow ACL Misconfiguration Assessment