ID 56153101
© Flynt
| Dreamstime.com
In a nutshell: ServiceNow’s unauthenticated API flaw exposed enterprise data including IT tickets, credentials, and employee records. The company patched it silently, then hid the advisory behind a login wall. If you run ServiceNow for ITSM, HR, or supply chain workflows, this is your problem.
About three weeks ago, someone queried your ServiceNow instance without a password, without a token, without any credential at all, and ServiceNow decided you didn’t need to know about it right away.
In early …
