A publicly accessible ServiceNow API endpoint required no authentication under certain conditions, allowing unauthorized access to sensitive enterprise data.