Without proper access control, diagnostic pages like /stats.do, /threads.do, and /replication.do can be accessed by unauthorized users. These pages contain sensitive system information, including performance metrics and server details, which could be exploited for malicious purposes. Enabling ACL restrictions helps prevent unauthorized access and enhances security.
Resolution Steps
Go to the sys_properties table by entering sys_properties.list in the navigation filter of your ServiceNow instance.
Add or update the property glide.security.diag_txns_acl and set it to true
Restricting access to diagnostic pages protects sensitive system information from unauthorized exposure. Enabling the glide.security.diag_txns_acl property ensures that only authorized users can access these pages, reducing security risks.
For more detailed guidance on resolving this issue, please contact us at support@dt-advisory.ch.