Summary
ServiceNow patched an unauthenticated API access flaw in its Australia platform release that allowed attackers to query sensitive customer instance data, including IT tickets and credentials.
Take Action:
Check your ServiceNow support portal for an open case to see if your instance was affected by this API leak. Review your logs for requests to the /api/now/related_list_edit endpoint, and specifically flag any activity from the malicious IP address 51.159.98.241. Even if you are not notified, this is a good time to rotate any sensitive credentials or tokens that were ever shared in your support tickets.
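One way to run the log review described above, as an added example that is not from the original article or from ServiceNow. It assumes requests to the instance are available as combined-format access log lines in chronological order (for example from a proxy in front of the instance); the function name triage and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

ENDPOINT = "/api/now/related_list_edit"  # endpoint named in the advisory
FLAGGED_IP = "51.159.98.241"             # IP address named in the advisory

# Assumption: combined-format access log lines, in chronological order.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')

def triage(lines):
    """Summarise requests to ENDPOINT per source IP."""
    hits = defaultdict(lambda: {"count": 0, "anonymous": 0, "ok": 0,
                                "first": None, "last": None, "flagged": False})
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line
        # Drop the query string and decode percent-encoding before comparing,
        # so encoded or parameterised forms of the path are still matched.
        path = unquote(urlsplit(m["target"]).path).lower().rstrip("/")
        if path != ENDPOINT and not path.startswith(ENDPOINT + "/"):
            continue
        h = hits[m["ip"]]
        h["count"] += 1
        h["anonymous"] += int(m["user"] == "-")      # no authenticated user
        h["ok"] += int(m["status"].startswith("2"))  # request got a 2xx response
        h["first"] = h["first"] or m["ts"]
        h["last"] = m["ts"]
        h["flagged"] = m["ip"] == FLAGGED_IP
    return dict(hits)

# Constructed sample lines for illustration; not real log data.
SAMPLE = [
    '51.159.98.241 - - [01/Jan/2030:10:00:00 +0000] "GET /api/now/related_list_edit?a=1 HTTP/1.1" 200 512',
    '51.159.98.241 - - [01/Jan/2030:10:00:05 +0000] "GET /api/now/related%5Flist_edit HTTP/1.1" 200 498',
    '203.0.113.7 - admin [01/Jan/2030:10:01:00 +0000] "GET /api/now/related_list_edit HTTP/1.1" 200 120',
    '198.51.100.9 - - [01/Jan/2030:10:02:00 +0000] "GET /api/now/table/incident HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    # Print the flagged IP first, then every other source that touched the endpoint.
    for ip, h in sorted(triage(SAMPLE).items(), key=lambda kv: not kv[1]["flagged"]):
        print(ip, h)
```

Any source with anonymous 2xx hits on the endpoint deserves review, not only the flagged address.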
This article was originally published on BeyondMachines