Posted: 25 May 2016 12:16 EDT Last activity: 6 Jul 2016 11:53 EDT
Missing functional level access in pega 6.1 sp2
Hi, We have issue missing functional level access in Pega 6.1 sp2 version application. what observed is, there is a vulnerable URL which has pyRulesHome in it. from this vulnerable url users are able to access unauthorized pages. so in pega 7.1 version in pyRulesHome there is code written with a when condition to check if they have opendeveloperform privilege. if users have the privilege then they can aceess. but in 6.1 sp2 version what could be the fix??