ServiceNow Widgets Data Exposure

medium Web App Scanning Plugin ID 114106

Synopsis

ServiceNow Widgets Data Exposure

Description

ServiceNow is a popular cloud platform enabling developers to build custom applications around automation for their organizations. ServiceNow widgets are JavaScript based components used to define content of the portal pages and can be either builtin or customized by developers. Widgets access control does not rely on ServiceNow ACLs but on fields set on the widget record itself.

When the widgets permissions are not properly configured, a remote and unauthenticated attacker could leverage this misconfiguration to retrieve sensitive information from the remote ServiceNow instance.

Solution

If the widgets public exposure is not expected, disable `public` flag in the widget record. Another workaround is to assign a specific role not attributed to the `guest` user to each ACL.

See Also

https://www.enumerated.ie/index/servicenow-data-exposure

Plugin Details

Severity: Medium

ID: 114106

Type: remote

Published: 11/15/2023

Updated: 11/15/2023

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 2.9

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Low

Base Score: 3.7

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.3

Vector: CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable

Vulnerability Information

CPE: cpe:2.3:a:servicenow:servicenow:*:*:*:*:*:*:*:*

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 10/14/2023

Reference Information