Bleeping Computer

New ServiceNow flaw lets attackers enumerate restricted data

A new vulnerability in ServiceNow, dubbed Count(er) Strike, allows low-privileged users to extract sensitive data from tables to which they should not have access. ServiceNow is a cloud-based platform ...
CIO

Warning to ServiceNow admins: Fix your access control lists now

A vulnerability in the way ServiceNow manages user access control lists can easily allow a threat actor to steal sensitive data, says a security vendor, who urges admins to review their custom and ...