CVE-2018-7748: Security Advisory and Response

Discover the impact of CVE-2018-7748 on ServiceNow systems. Learn about the remote code execution vulnerability in ServiceNow Release Jakarta Patch 8 and earlier versions and how to mitigate the risk.

In ServiceNow Release Jakarta Patch 8 and earlier, a vulnerability exists in the report_viewer.do endpoint that can be exploited for remote code execution through a Glide Scripting Injection in the sysparm_media parameter.

Understanding CVE-2018-7748

ServiceNow Jakarta Patch 8 and earlier are susceptible to remote code execution through a Glide Scripting Injection in the report_viewer.do endpoint.

What is CVE-2018-7748?

This CVE identifies a security flaw in ServiceNow Release Jakarta Patch 8 and earlier versions that allows attackers to execute arbitrary code through a Glide Scripting Injection.

The Impact of CVE-2018-7748

The vulnerability in ServiceNow can lead to remote code execution, enabling attackers to inject and execute malicious code on the affected system.

Technical Details of CVE-2018-7748

The vulnerability in ServiceNow Jakarta Patch 8 and earlier versions has the following technical aspects:

Vulnerability Description

The report_viewer.do endpoint in ServiceNow is vulnerable to remote code execution through a Glide Scripting Injection in the sysparm_media parameter.

Affected Systems and Versions

        Product: Not applicable
        Vendor: Not applicable
        Versions: All versions of ServiceNow Release Jakarta Patch 8 and earlier

Exploitation Mechanism

Attackers can exploit the vulnerability by injecting arbitrary code using the '${xyz}' syntax in the sysparm_media parameter.

Mitigation and Prevention

To address CVE-2018-7748 and enhance system security, consider the following steps:

Immediate Steps to Take

        Apply relevant patches and updates from ServiceNow to fix the vulnerability.
        Monitor and restrict access to the report_viewer.do endpoint.
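
One way to carry out the monitoring step above, as an added example that is not from the original advisory or from ServiceNow: a Python scan of web access logs for requests to report_viewer.do whose sysparm_media value contains the '${' marker after URL decoding. The combined log format, the sample lines, and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2018:10:01:22 +0000] "GET /report_viewer.do?sysparm_media=print HTTP/1.1" 200 5120
203.0.113.9 - - [12/Mar/2018:10:02:40 +0000] "GET /report_viewer.do?sysparm_media=%24%7Bxyz%7D HTTP/1.1" 200 4891
198.51.100.4 - - [12/Mar/2018:10:03:05 +0000] "GET /report_viewer.do?sysparm_stack=no&sysparm_media=%2524%257Bxyz%257D HTTP/1.1" 200 4890
198.51.100.4 - - [12/Mar/2018:10:04:11 +0000] "GET /incident.do?sysparm_media=%24%7Bxyz%7D HTTP/1.1" 200 900
"""

# Pulls the client address and request target out of a combined-format line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
MAX_DECODE_ROUNDS = 3  # bounds the work spent on nested percent-encoding


def fully_decode(value):
    """Percent-decode repeatedly so double-encoded markers are still seen."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_suspicious(log_text):
    """Return (line number, client IP, decoded value) for each flagged request."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m.group("target"))
        # Case-insensitive path match is a conservative assumption.
        if not url.path.lower().endswith("/report_viewer.do"):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            decoded = fully_decode(value)
            if name == "sysparm_media" and "${" in decoded:
                hits.append((lineno, m.group("ip"), decoded))
    return hits


if __name__ == "__main__":
    for lineno, ip, value in find_suspicious(SAMPLE_LOG):
        print(f"line {lineno}: {ip} sent sysparm_media={value!r}")
```

Access logs record only the query string, so a sysparm_media value sent in a POST body has to be inspected at a proxy or WAF that sees request bodies.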

Long-Term Security Practices

        Conduct regular security assessments and penetration testing to identify vulnerabilities.
        Implement secure coding practices to prevent injection attacks.

Patching and Updates

        Stay informed about security advisories from ServiceNow and promptly apply patches to mitigate risks.
