The cause of all the exposure, an AppOmni report stated, is “a combination of customer-managed ServiceNow ACL configurations and overprovisioning of permissions to guest users.”