Queries about May 2025 Maintenance - KB2046494

aniciagan
Kilo Contributor

Hi all, 

 

Based on this KB - https://support.servicenow.com/kb?id=kb_article_view&sysparm_article=KB2046494 

 

The objective here is to follow the article and upgrade to address data inference vulnerability. There are multiple issues that I am facing and this is done in PDI (Xanadu).

 

Issue 1: Validation Checks Failed - (sys_security_attribute) table: 
Issue when querying in sys_security_attribute,  I am unable to find the below in the search result 

Security Attributes (sys_security_attribute) name 

Security Attributes (sys_security_attribute) sys_id 

Active 

COMMENTS FROM ME

UserIsAuthenticatedAndHasRightsToRead 

30b1557ea3dc6210103da1fdc31e6128 

True 



Missing from Xanadu &
Washington Version

 

 

aniciagan_6-1752054386075.png

 

 

 

Issue 2: Validation Checks Failed - (sys_security_acl) table: 
Issue when querying in sys_security_acl,  I am unable to find the below in the search result 

Access Control (sys_security_acl) name

Access Control (sys_security_acl) sys_id 

Decision Type 

Operation 

COMMENTS FROM ME

*.* 

052f3a92a3102210103da1fdc31e6125 

Deny-Unless

query_range

Passed in Yokohama
Missing in Xanadu
 

*.* 

7fce54b64ff42210ee1a3c11b1ce0b97 

Allow-if 

query_range 

Passed in Yokohama
Missing in Xanadu
 

 

aniciagan_7-1752054457809.png

 

 

 

Issue 3: Role has been modified from "Public" to "Nobody"

Issue here is that I am unable to find "Nobody".  Should there be a role that has the name "Nobody"? or should i just remove "Public"?

 

As per KB "

Review changes to ACLs and security attributes 

The default behavior of some of the existing ACLs has been updated to help further restrict access by unauthenticated users. Please review these changes as they may warrant further action to meet your business needs. 

Access Control (sys_security_acl) name 

Access Control (sys_security_acl) sys_id  

Change 

*.* 

5c3e8c50935502102504ff92f189187c 

Role has been modified from ‘public’ to ‘nobody’ 

 

aniciagan_4-1752054257396.png

 

 

Issue 4: Unable to Trigger Script

As per KB, "Running the QueryRangeACLAuditor 

Please refer to the validation steps earlier in this KB for details on validating the update. It is recommended that you review the validation steps above after each run is complete. The QueryRangeACLAuditor Script Include can also be run in a script as follows:

new global.QueryRangeACLAuditor().auditQueryRangeACLs();"

 

I went to All -> Scripts - Background 

aniciagan_1-1752054056731.png

 then it showed a white screen 

aniciagan_2-1752054076203.png

 

Hoping to seek help from the community. Thanks in advance. 

 

 

5 REPLIES 5

Gabriel Mornea2
Tera Contributor

Hi,

 

Make sure to run in background. Since it need to be repeated, you might want to create a fix script.

 

1. Go to sys_script_fix.do (Create a new fix script)
2. In the script section, populate the following script:
new global.QueryRangeACLAuditor().auditQueryRangeACLs();

3. Click on Run Fix Script, click on "processed in background".

 

Good luck