From within client scripts, it is possible to query arbitrary data from the server via the GlideAjax API, by using a syntax similar to a server-side glide record. Unless ACLs are checked, this can cause data leaks
Enable the AJAXGlideRecord ACL property: "glide.script.secure.ajaxgliderecord". Any scripts using GlideAjax should be tested thoroughly to ensure that loss of functionality does not occur.
Time to fix
This rule is linked to Common Weakness Enumeration CWE-862 Missing Authorization.