Glide Scripting Injection Vulnerability in ServiceNow by ServiceNow
CVE-2018-7748
8.8HIGH
What is CVE-2018-7748?
A vulnerability exists in report_viewer.do of ServiceNow that enables remote attackers to execute arbitrary code via crafted input in the sysparm_media parameter, exploiting Glide Scripting Injection. This vulnerability affects ServiceNow Release Jakarta Patch 8 and earlier, potentially allowing unauthorized users to gain access to sensitive system functionalities and execute malicious scripts within the application environment.
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved