More Information on HotFixes

Question

Replies

883

Views

SA_Arora

Member since 2013

12 posts

Cognizant Technology Solutions

Posted: October 19, 2017

Last activity: November 13, 2017

Posted: 19 Oct 2017 10:54 EDT
Last activity: 13 Nov 2017 19:26 EST

Closed

Solved

More Information on HotFixes

Question - I know the HFix- number for a couple of hot-fixes which I found as 'Critical missing' using the System scan. However, it only provide a one-liner description of the issue. Is there a way to find out more details around what that hot-fix fixes? I am looking for details on: HFIX-34999 - Cross-site scripting vulnerability in Java Bean Viewer gadget HFIX-36549 - Reflected XSS and unauthorized access Is there a portal where we see the list of all the available hot-fixes for a specific Pega version? I remember there used to be something like this long back.

Security

Moderation Team has archived post,

This thread is closed to future replies. Content and links will no longer be updated. If you have the same/similar Question, please write a new Question.

Accepted Solution

Posted: 4 years ago

Updated: 4 years ago

Posted: 19 Oct 2017 10:56 EDT
Updated: 20 Oct 2017 3:24 EDT

MarissaRogers

MOD

replied to SA_Arora

Hello!

I was able to locate some information on these 2 Hotfixes for you in our internal system.

HFIX-34999 - Cross-site scripting vulnerability in Java Bean Viewer gadget

This hotfix applies a filter to the external parameter for the JavaBeanViewer Activity so that any harmful contents are neutralized prior to use in the Pega system or the client UI.

HFIX-36549 - Reflected XSS and unauthorized access

Added security check for the activity's and for HTML rule messages handling is modified.

For more information on them, or to obtain them, please open an SR with Request Type as Existing Hotfix Request.

Thank you!

Question

More Information on HotFixes

Related content:

We'd prefer it if you saw us at our best.