Question

2
Replies
122
Views
srip4611 Member since 2016 2 posts
Express scripts
Posted: May 25, 2016
Last activity: July 6, 2016
Closed

Missing functional level access in pega 6.1 sp2

Hi, We have issue missing functional level access in Pega 6.1 sp2 version application. what observed is, there is a vulnerable URL which has pyRulesHome in it. from  this vulnerable url users are able to access unauthorized pages. so in pega 7.1 version in pyRulesHome there is code written with a when condition to check if they have opendeveloperform privilege. if users have the privilege then they can aceess. but in 6.1 sp2 version what could be the fix??

Security
Moderation Team has archived post
Share this page LinkedIn