Virtualization Technology News and Information
Major Security Misconfiguration Impacting ServiceNow Instances Discovered
AppOmni has discovered a common ServiceNow Access Control List (ACL) misconfiguration present in nearly 70% of ServiceNow instances tested through AppOmni research. This security issue is defined as a "misconfiguration" resulting from a combination of customer-managed ServiceNow ACL configurations and overprovisioning of permissions to guest users. 

These types of misconfigurations are common across major SaaS platforms due to the complexity that inevitably comes with high levels of SaaS functionality, flexibility, and extensibility. Misconfigurations can happen during the initial implementation phase of a SaaS platform, when users or settings change, or as part of the regular cadence of SaaS updates that can impact current configurations. To help organizations quickly discover and take action to correct this misconfiguration, AppOmni has developed the SaaS Security Analyzer, a free web application that will determine if a specific ServiceNow instance has this ACL misconfiguration.

"Securing SaaS is a lot more complicated than just checking a handful of settings or enabling strong authentication for users," said Brendan O'Connor, CEO and co-founder of AppOmni. "SaaS platforms have become business operating systems because they are so flexible and powerful. There are many valid reasons for workloads and applications running on a SaaS platform to communicate externally, such as to integrate with emails and text messages or host a support portal for your customers. SaaS adoption skyrocketed during the pandemic but unfortunately, investments in people, processes, and technology to secure and monitor SaaS has not kept up. In AppOmni's experience, significant data exposures like this are far more common than customers realize."

Organizations have long used Role-Based Access Control (RBAC) to grant permissions for users to access resources on a SaaS platform. One important aspect of RBAC is the ability to allow public access to information within your "database," which could be a forum, online shop, customer support site, or knowledge base. The challenge is ensuring the right level of access when organizations update or customize SaaS applications or onboard new users. 

AppOmni Offensive Security Researcher Aaron Costello discovered ServiceNow external interfaces exposed to the public that a malicious actor could use to extract data from records. Analysis of ServiceNow instances showed that nearly 70% of those tested by AO Labs are leaking sensitive information, including Personal Identifiable Information (PII), to unauthenticated users. More information, including remediation steps, is available in a new AO Labs Technical Paper.

"The AO Labs team is committed to helping organizations build and maintain secure SaaS environments," said Brian Soby, CTO and co-founder of AppOmni. "The high degree of flexibility in modern SaaS platforms has made misconfiguration one of the largest security risks businesses currently face. Our goal is to shed light on common misconfigurations and other potential risks in SaaS platforms so users can ensure their system posture and configuration matches their business intent. We encourage all ServiceNow users to take advantage of the SaaS Security Analyzer and learn more about how this misconfiguration may impact them."

Request a free, confidential evaluation of your ServiceNow instance with the SaaS Security Analyzer.

Published Thursday, March 10, 2022 8:29 AM by David Marshall
Filed under:
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
<March 2022>