ServiceNow is notifying customers after discovering and remediating a vulnerability that could have exposed data via an unauthenticated API endpoint on affected instances.
The issue emerged publicly after customers began discussing security notifications from ServiceNow and reports of suspicious activity linked to their environments.
According to the company’s advisory, the vulnerability was initially reported through ServiceNow’s bug bounty program in April, prompting an investigation and subsequent security updates. ServiceNow said hosted customers received a security update (KB3067321)  on June 5, while guidance (KB3067372) was issued for self-hosted deployments.
The flaw appears to have ...