Privileged Access Manager has been configured to integrate with ServiceNow for password view requests. When testing the integration with a fake ServiceNow ticket number such as 123456, the user is still given access to the target account when PAM should give an error such as "ServiceNow ticket number is not specified, or incorrect".
In the password view policy, there were parentheses in the query filter as in the example below which caused the issue to occur.
status==active||(status==in progress)
The code fix will be included in the 4.2.1 release. As a workaround for now, update the query filter and remove the parentheses as in the example below.
status==active||status==in progress