Description
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via '${xyz}' Glide Scripting Injection in the sysparm_media parameter.
References (2)
Core References
Exploit, Third Party Advisory x_refsource_misc
https://telekomsecurity.github.io/2018/07/servicenow-privilege-escalation.html
Exploit, Third Party Advisory x_refsource_misc
https://telekomsecurity.github.io/assets/advisories/20180104_ServiceNow_GlideInjection.txt
Scores
CVSS v3
8.8
EPSS
0.0258
EPSS Percentile
83.3%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
servicenow/servicenow
jakarta (12 CPE variants)
Published
Aug 03, 2018
Tracked Since
Feb 18, 2026