GROW

config

Enable Performance monitoring

This issue is found automatically by CODA.
Time to fix: 30min

What is a System Property?

A System Property in ServiceNow serves as a configuration setting, storing crucial information related to the system. These properties cover a broad range of details, including parameters for system behavior, performance, and security.

An example is the System Property glide.security.diag_txns_acl, which controls how the instance handles unauthenticated connections to certain endpoints:

  • https://instancename.servicenow.com/stats.do: This endpoint provides compiled server statistics such as the last patch, whether the server is online, the server IP address, when it was built, errors, and transactions.

  • https://instancename.servicenow.com/threads.do: This endpoint shows all active and running threads at the moment on the instance. For example, we can see scripts running.

  • https://instancename.servicenow.com/replication.do: This endpoint shows the database URL.

Why is this an issue?

Setting this property to false allows access to control routes even from an unauthenticated connection. This introduces a potential risk to instance integrity, particularly with regard to data manipulation. Sensitive information such as server details, threads, and executed processes should never be visible or accessible to end users without the requisite privileges.

This is particularly crucial in ServiceNow, especially when managing clients across multiple companies, as the risk of unauthorized access and potential information leakage is a concern.

How do I fix it?

To fix this issue, it is necessary to set the glide.security.diag_txns_acl property to true. To do so, follow these steps:

  1. In the Filter Navigator, type and enter sys_properties.list.

  2. Search for glide.security.diag_txns_acl.

  3. Set the Value column to true.
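
The same steps as a server-side script, for use in Scripts - Background with admin rights. This is an added example, not code from the original page or from ServiceNow; the function name enforceDiagAcl and its dryRun parameter are hypothetical, while GlideRecord and gs are the platform's server-side APIs.

```javascript
// Added example (not from the original page). Written in ES5 so it also
// runs in the ServiceNow server-side script engine.
var DIAG_ACL_PROPERTY = 'glide.security.diag_txns_acl';

// Hypothetical helper. GlideRecordCtor is passed in so the logic can be
// exercised outside an instance; on an instance pass the real GlideRecord.
// dryRun=true only reports the current state and changes nothing.
function enforceDiagAcl(GlideRecordCtor, dryRun) {
  var result = { property: DIAG_ACL_PROPERTY, status: '', previous: null, changed: false };

  // Steps 1 and 2: open sys_properties and find the property by name.
  var gr = new GlideRecordCtor('sys_properties');
  gr.addQuery('name', DIAG_ACL_PROPERTY);
  gr.query();

  if (!gr.next()) {
    // No record: this script makes no claim about the effective default,
    // so flag it for manual review instead of creating a record blindly.
    result.status = 'missing';
    return result;
  }

  // Normalise so 'True', ' true ' and 'TRUE' all count as compliant.
  var raw = gr.getValue('value');
  result.previous = raw;
  var normalised = String(raw === null || raw === undefined ? '' : raw)
    .replace(/^\s+|\s+$/g, '').toLowerCase();

  if (normalised === 'true') {
    result.status = 'compliant';
    return result;
  }
  if (dryRun) {
    result.status = 'needs_fix';
    return result;
  }

  // Step 3: set the Value column to true.
  gr.setValue('value', 'true');
  gr.update();
  result.status = 'fixed';
  result.changed = true;
  return result;
}

// On an instance: report first, then rerun with dryRun=false to apply.
if (typeof GlideRecord !== 'undefined' && typeof gs !== 'undefined') {
  gs.info(JSON.stringify(enforceDiagAcl(GlideRecord, true)));
}
```

Run it with dryRun set to true first and keep the logged previous value as the change record before applying the fix.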