GreyNoise has identified a notable resurgence of in-the-wild activity targeting three ServiceNow vulnerabilities CVE-2024-4879 (Critical), CVE-2024-5217 (Critical), and CVE-2024-5178 (Medium). These vulnerabilities reportedly may be chained together for full database access.

Read the blog to learn about ServiceNow’s Knowledge Base data exposure risks and how to mitigate these issues.

Security researchers say that thousands of companies are potentially leaking secrets from their internal knowledge base (KB) articles via ServiceNow misconfigurations.

Aaron Costello and Dan Meged, of the AppOmni and Adaptive Shield security shops respectively, separately published their findings this week, concluding that pages set to "private" could still be read by tinkering with a ServiceNow customer's KB widgets.

These widgets are essentially containers of information used to construct the pages in KB articles. These can include page elements that allow users to leave feedback on articles, either through star ratings or comments, for example.

Cyble observes how Dark Web forums reveal ServiceNow users falling victim to a Remote Code Execution vulnerability, which exposes sensitive data & escalates risks across sectors.