ServiceNow has pushed out a fix for a security vulnerability that was actively being exploited against some of its hosted customers — and the company reportedly knew about the issue since early April before taking action.
The patch was applied directly to hosted customer instances, which means most users did not need to do anything on their end. But the timeline raises questions: if ServiceNow identified the flaw on April 7, why did it take roughly two months to deploy a fix while attackers were actively leveraging it in the wild?
Details about the specific vulnerability remain sparse, which is typical for ServiceNow’s approach to incident disclosure. The company has a history of patching issues on the backend without fanfare, leaving customers to piece together what happened from context clues and support tickets.
If you are running ServiceNow in a hosted environment, it is worth checking your instance version and confirming that the patch has been applied. For on-premises deployments, review your update schedule and make sure you are not running a vulnerable build.
Source: SecurityWeek
