More than 1,000 ServiceNow Knowledge Base (KB) articles were found to be misconfigured. This misconfiguration could expose sensitive enterprise data to external users — including malicious actors. Potentially exposed information may include:
- Personally identifiable information (PII)
- User credentials
- Internal system information
- Live production system access tokens
Security leaders weigh in
Guy Rosenthal, Vice President of Product, at DoControl:
“This ServiceNow Knowledge Base exposure highlights a critical issue in SaaS security that we're seeing more and more: the challenge of maintaining proper configurations across complex, ever-evolving platforms.
“The technical issues here are multifaceted. First, we’re dealing with legacy configurations. Many organizations are running older versions of ServiceNow where Knowledge Bases are set to public by default. It’s a classic case of “set it and forget it” — teams might not realize they need to revisit these settings. Then there’s the complexity of access controls. ServiceNow’s User Criteria feature is powerful, but it’s also easy to misconfigure. A small mistake in these rules can inadvertently grant access to unauthenticated users. It’s like leaving your front door unlocked because you thought you turned the key, but actually didn’t.
“The syncing issue with databases adds another layer of complexity. When you’re dealing with large-scale enterprise systems, ensuring that access control changes propagate correctly across all connected databases and services is crucial. It’s not just about flipping a switch — it’s about making sure that switch affects all the right circuits.
“These challenges underscore a broader shift in the security landscape. The rapid adoption of SaaS platforms demands a fundamental change in our approach to cybersecurity. We’re moving beyond the era of simple perimeter defense into a world where continuous vigilance of our SaaS ecosystem is paramount.
“The intricacy of modern SaaS environments has outpaced our ability to secure them through manual processes alone. It’s clear that we need to embrace automated, round-the-clock monitoring and remediation strategies. This isn’t just a best practice anymore — it’s becoming a necessity for maintaining a robust security posture in the face of ever-increasing SaaS complexity.
“We’re seeing firsthand how critical it is for organizations to gain comprehensive visibility and control over their SaaS environments. Without it, vulnerabilities like these Knowledge Base exposures can slip through the cracks, potentially leading to significant data breaches. Organizations need to ensure that they have the right tools and insights required to navigate this complex SaaS security landscape effectively.”
Stephen Kowski, Field CTO at Pleasanton, Calif.-based SlashNext Email Security+:
“The recent discovery of more than 1,000 misconfigured ServiceNow enterprise instances exposing sensitive corporate information highlights the ongoing challenge of securing SaaS applications. Despite updates to Access Control Lists (ACLs) in 2023, many Knowledge Bases (KBs) remain vulnerable due to outdated configurations and misconfigured access controls. To mitigate these risks, organizations should prioritize regular diagnostics on KB access controls and implement Business Rules to deny unauthenticated access to KB content by default. By leveraging advanced security controls and automation, security teams can better protect their SaaS application environments and prevent data exposure.”