Missing Access Control Vulnerability in Pega

Question

Replies

Views

AnjaniKumarP0301

Member since 2020

11 posts

E-Pragati

Posted: August 17, 2020

Last activity: September 3, 2020

Posted: 17 Aug 2020 0:10 EDT
Last activity: 3 Sep 2020 4:51 EDT

Missing Access Control Vulnerability in Pega

Report

Pega platform has a access control vulnerability which allows attacker to gain access to internal resources.

An attacker can gain access to configuration files and also has access to create queries.

Access the URL /ServicesExport/configurations.zip file followed by token as shown in the URL

It is recommended to restrict...

***Edited by Moderator: Pallavi to update platform capability tags***

***Edited by Moderator Marissa to update General to Product***

Pega Platform

Security

Posted: 10 months ago

Posted: 17 Aug 2020 4:24 EDT

MarcLasserre_GCS

PEGA

replied to AnjaniKumarP0301

Report

Hello,

What platform version is it? Have you been trough the following: https://community.pega.com/knowledgebase/articles/security/84/security-checklist

Posted: 10 months ago

Posted: 18 Aug 2020 1:13 EDT

AnjaniKumarP0301

E-Pragati

replied to MarcLasserre_GCS

Report

7.3.1 Version

Posted: 9 months ago

Posted: 1 Sep 2020 2:54 EDT

MarcLasserre_GCS

PEGA

replied to AnjaniKumarP0301

Report

I think most of the security points on provided article are still valid on Pega 7.3.1

Personalized tools to propel your success

Contact a moderator

Question

Missing Access Control Vulnerability in Pega

About Pegasystems

Question

Missing Access Control Vulnerability in Pega

Related content:

About Pegasystems

We'd prefer it if you saw us at our best.