ServiceNow Unauthenticated Access Incident (Incident)
ID: d55e774c-3bae-558c-9143-f2199b2d673e
STIX ID: report--d55e774c-3bae-558c-9143-f2199b2d673e
Feed Name: Wiz Cloud Threat Landscape
Date Published: 2026-06-09
Date Updated: 2026-07-02
Author: [email protected] (Wiz Threat Research)
ServiceNow customers experienced unauthenticated access via a Scripted REST Resource endpoint (`/api/now/related_list_edit/create`) reportedly configured with `requires_authentication = false`. Security researchers and affected customers observed requests from IP `51.159.98.241` and successful table queries in some Australia-release or pre-release-configured instances, potentially exposing customer data; the full scope of exposure remains limitedly known.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
