
ITMS-Misconfigured

By kannthu

Informative
Vidoc Module
#servicenow
Description

What is "ITMS-Misconfigured"?

The "ITMS-Misconfigured" module is designed to detect misconfigured instances of ServiceNow ITSM. ServiceNow ITSM is a software platform that helps organizations manage their IT services and infrastructure. This module focuses on identifying misconfigurations within ServiceNow ITSM instances, which can potentially lead to security vulnerabilities or information exposure.

Severity: Informative

Author: dhiyaneshDK

Impact

The impact of misconfigured ServiceNow ITSM instances can vary depending on the specific misconfiguration. However, some potential impacts include:

- Exposure of sensitive information
- Unauthorized access to ITSM resources
- Data breaches
- Compromised system integrity

How does the module work?

The "ITMS-Misconfigured" module works by sending HTTP requests to specific endpoints within ServiceNow ITSM instances and then analyzing the responses for specific conditions. The module uses the following matching conditions:

- Matcher 1: It checks if the response body contains the phrase "Unfortunately the article you are looking for could not be found."
- Matcher 2: It checks if the response status code is 200 (OK).

If both matching conditions are met, the module considers the instance misconfigured and reports it as a potential vulnerability.

Example HTTP request:

GET /kb_view_customer.do?sysparm_article=KB00xxxx
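
The two matchers above can be applied offline to responses already captured from your own instance. The following is an added example, not code from the Vidoc module or its author; the function names, the sample responses and the case-sensitive substring comparison are assumptions made for illustration.

```python
# Added example: evaluate the module's two matchers against captured responses.
# No network access; every sample response below is constructed.
PHRASE = "Unfortunately the article you are looking for could not be found."


def parse_response(raw: str):
    """Split a raw HTTP/1.x response into (status_code, body)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    status_line = head.split("\n", 1)[0]
    parts = status_line.split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/") or not parts[1].isdigit():
        raise ValueError(f"not an HTTP status line: {status_line!r}")
    return int(parts[1]), body


def evaluate(raw: str) -> dict:
    """Return each matcher's result and the combined (AND) verdict."""
    status, body = parse_response(raw)
    word_hit = PHRASE in body      # Matcher 1 (assumed case-sensitive)
    status_hit = status == 200     # Matcher 2
    return {"word": word_hit, "status": status_hit, "match": word_hit and status_hit}


def triage(samples: dict) -> list:
    """Names of the captured responses that the module would report."""
    return sorted(name for name, raw in samples.items() if evaluate(raw)["match"])


# Constructed samples: only the first satisfies both matchers.
SAMPLES = {
    "kb_public": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
                 "<div>" + PHRASE + "</div>",
    "login_redirect": "HTTP/1.1 302 Found\r\nLocation: /login\r\n\r\n",
    "error_page": "HTTP/1.1 404 Not Found\r\n\r\n" + PHRASE,
    "other_200": "HTTP/1.1 200 OK\r\n\r\n<html>Sign in</html>",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, evaluate(raw))
    print("reported:", triage(SAMPLES))
```

The "error_page" and "other_200" samples each satisfy one matcher only, which is why neither is reported.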

Reference:

- https://medium.com/@th3g3nt3l/multiple-information-exposed-due-to-misconfigured-service-now-itsm-instances-de7a303ebd56
- https://github.com/leo-hildegarde/SnowDownKB/

Metadata:

max-request: 1

Module preview

Concurrent Requests (1)

1. HTTP Request template: GET /kb_view_customer.do...

Matching conditions:

- word: Unfortunately the article you are lookin...
- and
- status: 200

Passive global matcher: No matching conditions.

On match action: Report vulnerability