A vulnerability in ServiceNow, identified as Count(er) Strike, allows low-privileged users to extract sensitive data due to misconfigured Access Control Lists (ACLs). Discovered by Varonis Threat Labs, the flaw enables users to enumerate restricted data by manipulating queries, potentially exposing sensitive information even in instances with limited access. ServiceNow has introduced new ACL frameworks to mitigate this issue, but organizations are advised to review their existing configurations to ensure data security.