Question
More Information on HotFixes
Question - I know the HFix- number for a couple of hot-fixes which I found as 'Critical missing' using the System scan. However, it only provides a one-liner description of the issue. Is there a way to find out more details around what that hot-fix fixes? I am looking for details on:
HFIX-34999 - Cross-site scripting vulnerability in Java Bean Viewer gadget
HFIX-36549 - Reflected XSS and unauthorized access
Is there a portal where we can see the list of all the available hot-fixes for a specific Pega version? I remember there used to be something like this long back.
Hello!
I was able to locate some information on these 2 Hotfixes for you in our internal system.
HFIX-34999 - Cross-site scripting vulnerability in Java Bean Viewer gadget
This hotfix applies a filter to the external parameter for the JavaBeanViewer Activity so that any harmful contents are neutralized prior to use in the Pega system or the client UI.
HFIX-36549 - Reflected XSS and unauthorized access
Added a security check for the activities, and the handling of HTML rule messages is modified.
For more information on them, or to obtain them, please open an SR with Request Type as Existing Hotfix Request.
Thank you!