ServiceNow is issuing a fix for a flaw that exposes data after a researcher published a method for unauthenticated attackers to steal an organization’s sensitive files. Security researcher Aaron Costello highlighted apparent issues with the default configurations of ServiceNow’s widgets, allowing for personal data to be exposed.
Source: The Register