ServiceNow reported a security incident where attackers exploited an unauthenticated API endpoint to access customer instance data. The vulnerability allowed unauthorized queries without requiring authentication credentials. This represents a significant supply-chain risk for organizations using ServiceNow for IT service management and other critical functions.

Why it matters in Western Canada: Many Western Canadian post-secondary institutions, government agencies, healthcare systems, and financial organizations rely on ServiceNow for IT operations and service delivery. A data exposure affecting customer instances poses direct risk to sensitive institutional data.

---

Summary generated from the original advisory. Read the full source: bleepingcomputer