Queries about May 2025 Maintenance - KB2046494
07-09-2025 02:48 AM
Hi all,
Based on this KB - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2046494
The objective here is to follow the article and upgrade to address the data inference vulnerability. There are multiple issues that I am facing, and this is being done in a PDI (Xanadu).
Issue 1: Validation Checks Failed - (sys_security_attribute) table:
Issue when querying in sys_security_attribute, I am unable to find the below in the search result
Security Attributes (sys_security_attribute) name | Security Attributes (sys_security_attribute) sys_id | Active | COMMENTS FROM ME |
UserIsAuthenticatedAndHasRightsToRead | 30b1557ea3dc6210103da1fdc31e6128 | True | |
Issue 2: Validation Checks Failed - (sys_security_acl) table:
Issue when querying in sys_security_acl, I am unable to find the below in the search result
Access Control (sys_security_acl) name | Access Control (sys_security_acl) sys_id | Decision Type | Operation | COMMENTS FROM ME |
*.* | 052f3a92a3102210103da1fdc31e6125 | Deny-Unless | query_range | Passed in Yokohama |
*.* | 7fce54b64ff42210ee1a3c11b1ce0b97 | Allow-if | query_range | Passed in Yokohama |
Issue 3: Role has been modified from "Public" to "Nobody"
Issue here is that I am unable to find "Nobody". Should there be a role that has the name "Nobody"? Or should I just remove "Public"?
As per KB:
Review changes to ACLs and security attributes
The default behavior of some of the existing ACLs has been updated to help further restrict access by unauthenticated users. Please review these changes as they may warrant further action to meet your business needs.
Access Control (sys_security_acl) name | Access Control (sys_security_acl) sys_id | Change |
*.* | 5c3e8c50935502102504ff92f189187c | Role has been modified from ‘public’ to ‘nobody’ |
Issue 4: Unable to Trigger Script
As per KB, "Running the QueryRangeACLAuditor
Please refer to the validation steps earlier in this KB for details on validating the update. It is recommended that you review the validation steps above after each run is complete. The QueryRangeACLAuditor Script Include can also be run in a script as follows:
new global.QueryRangeACLAuditor().auditQueryRangeACLs();"
I went to All -> Scripts - Background, then it showed a white screen.
Hoping to seek help from the community. Thanks in advance.
Labels: CVE-2025-3648, KB2046494
07-16-2025 08:04 AM
Hi,
Make sure to run in background. Since it needs to be repeated, you might want to create a fix script.
1. Go to sys_script_fix.do (Create a new fix script)
2. In the script section, populate the following script:
new global.QueryRangeACLAuditor().auditQueryRangeACLs();
3. Click on Run Fix Script, click on "processed in background".
Good luck
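
The record checks from Issues 1 and 2, as an added example that is not part of either post or of the KB: a server-side script that looks up the three sys_ids quoted in the question and reports each as OK, INACTIVE or MISSING. The function names and the `active` field name on both tables are assumptions; it can be pasted into a fix script as described in the reply.

```javascript
// Added example, not ServiceNow's code. The sys_ids are the ones quoted in the question.
var EXPECTED = [
  { table: 'sys_security_attribute', sys_id: '30b1557ea3dc6210103da1fdc31e6128',
    label: 'UserIsAuthenticatedAndHasRightsToRead' },
  { table: 'sys_security_acl', sys_id: '052f3a92a3102210103da1fdc31e6125',
    label: '*.* Deny-Unless query_range' },
  { table: 'sys_security_acl', sys_id: '7fce54b64ff42210ee1a3c11b1ce0b97',
    label: '*.* Allow-if query_range' }
];

// lookup(table, sysId) returns null when the record does not exist,
// otherwise an object of the form { active: boolean }.
function validateRecords(expected, lookup) {
  return expected.map(function (e) {
    var rec = lookup(e.table, e.sys_id);
    var status = !rec ? 'MISSING' : (rec.active ? 'OK' : 'INACTIVE');
    return { table: e.table, sys_id: e.sys_id, label: e.label, status: status };
  });
}

// Records that still need attention after an update run.
function failures(results) {
  return results.filter(function (r) { return r.status !== 'OK'; });
}

// Platform-backed lookup. Assumption: both tables expose an "active" field.
function glideLookup(table, sysId) {
  var gr = new GlideRecord(table);
  if (!gr.get(sysId)) {
    return null; // no record with this sys_id on the instance
  }
  var v = String(gr.getValue('active'));
  return { active: v === '1' || v === 'true' };
}

// Executes only inside a ServiceNow server-side script (fix script or background script).
if (typeof GlideRecord !== 'undefined' && typeof gs !== 'undefined') {
  var results = validateRecords(EXPECTED, glideLookup);
  results.forEach(function (r) {
    gs.info(r.status + ' ' + r.table + ' ' + r.sys_id + ' (' + r.label + ')');
  });
  gs.info('Records needing attention: ' + failures(results).length);
}
```

A MISSING result matches the symptom in Issues 1 and 2: the record is absent from the instance, not hidden by a list filter.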