ServiceNow has released patches and an upgrade that address an Access Control List (ACL) bypass issue in ServiceNow Core functionality.
Additional Details
This issue is present in the following supported ServiceNow releases:
If this ACL bypass issue were to be successfully exploited, it potentially could allow an authenticated user to obtain sensitive information from tables missing authorization controls.
packetstormsecurity.com/files/173354/ServiceNow-Insecure-Access-Control-Full-Admin-Compromise.html
seclists.org/fulldisclosure/2023/Jul/11
news.ycombinator.com/item?id=36638530
support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB1303489
x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/