ServiceNow Knowledge Base articles susceptible to risk due to configuration flaw

Over 1,000 ServiceNow Knowledge Base (KB) articles were discovered to be misconfigured. This misconfiguration could expose sensitive enterprise data to external users, including malicious actors. The exposed information may include:

Security leaders weigh in

Guy Rosenthal, Vice President of Product at DoControl:

“The exposure of ServiceNow Knowledge Base highlights a critical security issue in SaaS that is becoming more prevalent – the difficulty of maintaining proper configurations in complex and ever-changing platforms.

“There are multiple technical issues at play here. Firstly, we are dealing with outdated configurations. Many organizations are using older versions of ServiceNow where Knowledge Bases are set to public by default. This is a common case of a ‘set it and forget it’ mentality where teams may not realize the need to review these settings. Additionally, the complexity of access controls is a challenge. ServiceNow’s User Criteria feature is powerful but can be easily misconfigured. A small mistake in these rules could unintentionally grant access to unauthorized users. It’s like leaving your front door unlocked thinking you have locked it.

“The synchronization problem with databases adds another layer of complexity. When dealing with large enterprise systems, ensuring that access control changes propagate accurately across all connected databases and services is essential. It’s not just about flipping a switch, but it’s about ensuring that switch impacts all the necessary circuits.

“These challenges highlight a broader shift in the security landscape. The rapid adoption of SaaS platforms requires a fundamental change in our cybersecurity approach. We are moving beyond traditional perimeter defense to a world where continuous monitoring of our SaaS ecosystem is crucial.

“The complexity of modern SaaS environments has surpassed our ability to secure them manually. It’s evident that we need to incorporate automated, round-the-clock monitoring and remediation strategies. This is no longer just a best practice – it’s becoming a necessity to maintain a strong security posture in the face of increasing SaaS complexity.

“It is crucial for organizations to have comprehensive visibility and control over their SaaS environments. Without it, vulnerabilities like Knowledge Base exposures can go unnoticed, potentially leading to significant data breaches. Organizations must ensure they have the necessary tools and insights to effectively navigate the intricate SaaS security landscape.”

Stephen Kowski, Field CTO at SlashNext Email Security+:

“The recent discovery of more than 1,000 misconfigured ServiceNow instances exposing sensitive corporate information highlights the ongoing challenge of securing SaaS applications. Despite ACL updates in 2023, many Knowledge Bases remain vulnerable due to outdated configurations and misconfigured access controls. To mitigate these risks, organizations should prioritize regular diagnostics on KB access controls and implement Business Rules to deny unauthenticated access to KB content by default. By utilizing advanced security controls and automation, security teams can enhance protection for their SaaS application environments and prevent data exposure.”
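Both experts point at the same two failure modes: a Knowledge Base whose User Criteria leave it open by default, and an unauthenticated (guest) session that is never explicitly denied. The following is an added, simplified model of that access decision written for this page; it is not ServiceNow's code, and the criteria semantics (Cannot Read wins, match_all means every listed condition must hold, a KB with no Can Read criteria is open) are assumptions of the model, as are all the sample users and criteria.

```javascript
// Simplified model (added example, not ServiceNow's implementation) of how
// Knowledge Base "Can Read" / "Cannot Read" User Criteria decide article access,
// and why an empty criteria list plus an unauthenticated (guest) session leaks.

// A user criteria record: lists of roles, groups and user ids, and a match_all
// flag (true = user must satisfy every non-empty list; false = any one suffices).
function criteriaMatches(criteria, user) {
  const checks = [];
  if (criteria.roles.length)  checks.push(criteria.roles.some(r => user.roles.includes(r)));
  if (criteria.groups.length) checks.push(criteria.groups.some(g => user.groups.includes(g)));
  if (criteria.users.length)  checks.push(criteria.users.includes(user.id));
  if (checks.length === 0) return false;          // a criterion with no conditions matches nobody
  return criteria.match_all ? checks.every(Boolean) : checks.some(Boolean);
}

// Permissive evaluation (the legacy "public by default" behaviour described above):
// with no "Can Read" criteria attached, every requester, including guest, may read.
function canReadPermissive(kb, user) {
  if (kb.cannotRead.some(c => criteriaMatches(c, user))) return false;  // deny wins
  if (kb.canRead.length === 0) return true;                             // open to all
  return kb.canRead.some(c => criteriaMatches(c, user));
}

// Deny-by-default evaluation, the behaviour a "deny unauthenticated access"
// Business Rule is meant to enforce: guests never read, and a KB with no
// "Can Read" criteria is treated as closed rather than open.
function canReadDenyByDefault(kb, user) {
  if (!user.authenticated) return false;                                // no guest reads
  if (kb.cannotRead.some(c => criteriaMatches(c, user))) return false;  // deny wins
  if (kb.canRead.length === 0) return false;                            // closed by default
  return kb.canRead.some(c => criteriaMatches(c, user));
}

// Constructed sample data (hypothetical users, criteria and knowledge bases).
const guest      = { id: 'guest', authenticated: false, roles: [], groups: [] };
const engineer   = { id: 'u1', authenticated: true, roles: ['itil'], groups: ['Platform Ops'] };
const contractor = { id: 'u2', authenticated: true, roles: [], groups: ['Vendors'] };

const itilOnly = { roles: ['itil'], groups: [], users: [], match_all: false };
const vendors  = { roles: [], groups: ['Vendors'], users: [], match_all: false };

// The exposed case: a KB that was never given Can Read criteria.
const legacyKb   = { name: 'IT Runbooks (no criteria)', canRead: [], cannotRead: [] };
// The reviewed case: readable by itil role holders, never by the Vendors group.
const hardenedKb = { name: 'IT Runbooks', canRead: [itilOnly], cannotRead: [vendors] };
```

Running `canReadPermissive(legacyKb, guest)` returns true, which is the exposure; `canReadDenyByDefault` returns false for the same request and only admits `engineer` once the KB carries an explicit Can Read criterion.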

Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC