ServiceNow Configuration Risk Assessment
Generated 7/11/2026 · read-only assessment
1,366 findings require executive attention · 11,323 total scanned
Your ServiceNow instance contains 1,366 executive-priority issues, out of 11,323 total findings scanned. Most can be resolved by addressing 14 underlying configuration patterns — not 1,366 individual defects. Overall configuration health is 21 / 100 — critical risk. The area needing the most attention is Security (644 findings, worst severity critical). The highest-priority risks are concentrated in Security, each explained in plain language below with a recommended action. This is a read-only assessment — nothing was changed on your instance; every item links to its evidence for your team to confirm.
If no action is taken, future upgrades, audits, and security reviews are likely to become increasingly expensive and time-consuming.
Health by area
Priority action plan
- Add a required role or restricting condition/script to this ACL — 293 findings (critical)
- Move the query server-side into a client-callable Script Include and call it asynchronously via… — 215 findings (high)
- Confirm this open write access to a sensitive table is intended — 173 findings (high)
- Avoid current.update() in business rules — 96 findings (high)
- Replace getXMLWait with the asynchronous getXMLAnswer/getXML callback pattern. — 69 findings (high)
- Look records up by a stable key (name, number, property) or store the reference in a system… — 262 findings (medium)
- Remove setWorkflow(false) unless deliberately bypassing automation, and document the reason inline… — 53 findings (medium)
- Filter on an indexed field first, avoid leading-wildcard CONTAINS, and add a database index where… — 27 findings (medium)
Estimated remediation effort
Effort tracks fix patterns, not raw finding counts — many findings share a single remediation.
Top risks
Business impact Any authenticated user could create new IP service CI records in the CMDB, potentially introducing false or malicious configuration items that could affect discovery, reporting, and downstream automation decisions.
Recommended action Review the cmdb_ip_service_ci ACL and add a required role (e.g., discovery_admin, cmdb_admin) to restrict create operations to authorized personnel only.
View technical details →Business impact Any authenticated user could modify Kubernetes deployment behavior policies, potentially disrupting mid-server operations, discovery processes, or integration workflows that depend on these policies.
Recommended action Review the mid_k8s_deployment_hpav2_behavior_policies ACL and add a required role (e.g., mid_server_admin, k8s_admin) to restrict write operations to authorized personnel only.
View technical details →Business impact Any authenticated user could delete ECC queue statistics, potentially destroying audit trails, operational metrics, or historical data needed for troubleshooting mid-server and integration issues.
Recommended action Review the ecc_queue_stats_by_ecc_agent ACL and add a required role (e.g., mid_server_admin, ecc_admin) to restrict delete operations to authorized personnel only.
View technical details →Business impact Any authenticated user could create new mid-server profile application mappings, potentially introducing unauthorized integrations or disrupting existing mid-server configurations.
Recommended action Review the mid_profile_application_m2m ACL and add a required role (e.g., mid_server_admin, integration_admin) to restrict create operations to authorized personnel only.
View technical details →Business impact Any authenticated user could delete cloud management credentials, potentially disrupting cloud integrations, discovery processes, or automation workflows that depend on these credentials for authentication.
Recommended action Review the cmdb_cloud_mgmt_credentials ACL and add a required role (e.g., cloud_admin, credentials_admin) to restrict delete operations to authorized personnel only.
View technical details →Business impact Any authenticated user could delete discovery configuration or status records, potentially disrupting discovery processes, losing historical discovery data, or preventing proper tracking of discovered assets.
Recommended action Review the cmdb_discovery ACL and add a required role (e.g., discovery_admin, cmdb_admin) to restrict delete operations to authorized personnel only.
View technical details →Business impact Any authenticated user could delete discovery status records, potentially destroying audit trails, operational metrics, or historical data needed for troubleshooting discovery processes and asset tracking.
Recommended action Review the discovery_status ACL and add a required role (e.g., discovery_admin, cmdb_admin) to restrict delete operations to authorized personnel only.
View technical details →Business impact Any authenticated user could delete resource location records, potentially disrupting asset location tracking, discovery processes, or location-dependent automation workflows.
Recommended action Review the cmdb_resource_location ACL and add a required role (e.g., cmdb_admin, asset_admin) to restrict delete operations to authorized personnel only.
View technical details →Coverage
InstanceGuard performs a read-only assessment. Findings are signals for human review, not confirmed vulnerabilities; each links to its evidence and a suggested remediation.