2 matches found
CVE-2018-7748
reportviewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '$xyz' Glide Scripting Injection in the sysparmmedia parameter...
CVE-2018-7748
CVE-2018-7748 affects ServiceNow (Report_viewer.do) on Jakarta releases up to Patch 8, via a Glide Scripting Injection in the sysparm_media parameter. The underlying issue is remote arbitrary code execution. The provided sources identify the vulnerable component as report_viewer.do and the inject...