Earlier this week, ServiceNow announced on its support site that misconfigurations within the platform could result in "unintended access" to sensitive data.
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1553688
For organizations that use ServiceNow, this security exposure is a critical concern that could have resulted in major data leakage of sensitive corporate data. ServiceNow has since taken steps to fix this issue.
https://www.theregister.com/2023/10/26/servicenow_data_exposure_flaw/
It's important to reiterate that this issue was not caused by a vulnerability in ServiceNow's code but by a configuration that exists within the platform.
This issue stems from security controls in a ServiceNow Access Control List (ACL) widget called Simple List
Published by ServiceNow in their knowledge base article – General Information | Potential Public List Widget Misconfiguration
/nosanitize
https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1553688
@ecksmc Are there alternatives from other vendors to ServiceNow?
@MisterE many
Microsoft, IBM, Atlassian, Broadcom, SAP, Ivanti
honestly i wouldn't know what the best, or better, option would be
list of others >> open source alternatives
/nosanitize
https://alternativeto.net/software/servicenow/?license=opensource
@ecksmc It would have been the reaction of management on the last gig to get those vendors and bring them in to check out their software.
@MisterE for sure
double and triple checks all over the board
@ecksmc Generally, that "looking around" at other vendors was both a pain in the ass and a huge waste of time. I would yell at my manager when they got a wild hair up their ass about "we have to look around". Didn't help much.