Unauthorized administrator activities in isolated environments require defense-in-depth beyond the authentication layer, as compromises of the auth system can remain undetected for decades.
A publicly accessible ServiceNow API endpoint required no authentication under certain conditions, allowing unauthorized access to sensitive enterprise data.
