What is a System Property?
A System Property in ServiceNow serves as a configuration setting, storing crucial information related to the system. These properties cover a broad range of details, including parameters for system behavior, performance, and security.
An example is the System Property glide.basicauth.required.csv, which controls the authentication of CSV requests.
Why is this an issue?
Setting this property to false allows CSV requests without proper verification. This poses a potential risk of data manipulation, as unverified CSV requests may enable attackers to manipulate or inject malicious data into the system. This could result in the modification of records, creation of fake entries, or even deletion of critical information, leading to data integrity issues.
This is particularly crucial in ServiceNow, especially when managing clients across multiple companies, as the risk of unauthorized access and potential information leakage is a concern.
How do I fix it?
To fix this issue, it is necessary to set the glide.basicauth.required.csv property to true. To do so, follow these steps:
In the Filter Navigator, type and enter sys_properties.list.
Search for
glide.basicauth.required.csv.Set Value column to true.