Question

3
Replies
44
Views
Close popover
Anjani Kumar Ponnam (AnjaniKumarP0301)
E-Pragati

E-Pragati
IN
AnjaniKumarP0301 Member since 2020 11 posts
E-Pragati
Posted: August 17, 2020
Last activity: September 3, 2020

Missing Access Control Vulnerability in Pega

Pega platform has a access control vulnerability which allows attacker to gain access to internal resources.

 

An attacker can gain access to configuration files and also has access to create queries.

 

Access the URL /ServicesExport/configurations.zip file followed by token as shown in the URL

 

It is recommended to restrict...

***Edited by Moderator: Pallavi to update platform capability tags***

***Edited by Moderator Marissa to update General to Product***  

Pega Platform Security