ServiceNow recently informed select enterprise clients that a software flaw in its platform inadvertently permitted unauthenticated internet users to access sensitive data without passwords. Although the company addressed the vulnerability by patching affected instances on June 5, details emerged through a restricted knowledge base article shared on Reddit, which described how the bug allowed unauthorized users to exceed their intended access levels. ServiceNow clarified to TechCrunch that this was not a malicious cyberattack but rather the result of security researchers probing the system for vulnerabilities as part of the company’s bug bounty program.
