2018-08-03 18:00:00
mitre
PUBLISHED
report_viewer.do in ServiceNow Release Jakarta Patch 8 and earlier allows remote attackers to execute arbitrary code via ${xyz} Glide Scripting Injection in the sysparm_media parameter.