{"id":14422,"date":"2025-07-10T02:19:20","date_gmt":"2025-07-10T02:19:20","guid":{"rendered":"https:\/\/newestek.com\/?p=14422"},"modified":"2025-07-10T02:19:20","modified_gmt":"2025-07-10T02:19:20","slug":"warning-to-servicenow-admins-fix-your-access-control-lists-now","status":"publish","type":"post","link":"https:\/\/newestek.com\/?p=14422","title":{"rendered":"Warning to ServiceNow admins: Fix your access control\u00a0lists now"},"content":{"rendered":"<div>\n<div id=\"remove_no_follow\">\n<div class=\"grid grid--cols-10@md grid--cols-8@lg article-column\">\n<div class=\"col-12 col-10@md col-6@lg col-start-3@lg\">\n<div class=\"article-column__content\">\n<section class=\"wp-block-bigbite-multi-title\">\n<div class=\"container\"><\/div>\n<\/section>\n<p>A vulnerability in the way ServiceNow manages user access control lists can easily allow a threat actor to steal sensitive data, says a security vendor, who urges admins to review their custom and standard data configuration tables to beef up security.<\/p>\n<p>Researchers at Varonis told ServiceNow about the hole over a year ago, allowing it to quietly patch its platform as well as issue a security update to customers in May. But after ServiceNow this week issued a Common Weakness Enumeration <a href=\"https:\/\/support.servicenow.com\/kb?id=kb_article_view&amp;sysparm_article=KB2139567\" target=\"_blank\" rel=\"noreferrer noopener\">(CVE-2025-3648)<\/a> describing the problem, Varonis published details.<\/p>\n<p>Hopefully by now admins have taken advantage of the patch, with its new security capabilities.<\/p>\n<p>\u201cThe update from ServiceNow addressed a vulnerability that could have allowed low privileged users to access restricted data,\u201d IDC President Crawford Del Prete told CIO.com. 
\u201cThese kinds of situations are always potentially serious, given the kind of data that ServiceNow handles.<\/p>\n<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>A vulnerability in the way ServiceNow manages user access control lists can easily allow a threat actor to steal sensitive data, says a security vendor, who urges admins to review their custom and standard data configuration tables to beef up security. Researchers at Varonis told ServiceNow about the hole over a year ago, allowing it to quietly patch its platform as well as issue a&#8230; <\/p>\n<p class=\"more\"><a class=\"more-link\" href=\"https:\/\/newestek.com\/?p=14422\">Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[1],"tags":[],"class_list":["post-14422","post","type-post","status-publish","format-standard","hentry","category-uncategorized","is-cat-link-borders-light 
is-cat-link-rounded"],"_links":{"self":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14422","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=14422"}],"version-history":[{"count":0,"href":"https:\/\/newestek.com\/index.php?rest_route=\/wp\/v2\/posts\/14422\/revisions"}],"wp:attachment":[{"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=14422"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=14422"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/newestek.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=14422"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}