ServiceNow discloses unauthenticated API flaw that let attackers query customer instance data
ServiceNow disclosed that a misconfigured, unauthenticated REST API endpoint allowed actors to query data from hosted customer instances, an issue the company patched on 5 June but did not publish a (login-gated) advisory for until days later.
- Victim
- ServiceNow