sumanpyne Member since 2009 14 posts
Accenture
Posted: 1 year ago
Last activity: 1 year 6 months ago
Closed

PEGA patches for security vulnerabilities

Hi All,

Are there security patches available for PEGA Developer Portal for the below-mentioned security vulnerabilities?

  1. PEGA Developer Portal is vulnerable to Cross-Site Scripting (XSS) attack.
  2. Insecure Communication, PEGA Developer Portal is accessible over clear text HTTP protocol.
  3. PEGA Developer Portal is vulnerable to Cross-Site Request Forgery (CSRF) attack.
  4. Malicious files can be uploaded to the PEGA Developer Portal.
  5. PEGA Developer Portal user’s clear text password is stored in browser memory.
  6. PEGA Developer Portal is vulnerable to Clickjacking attack.
  7. Unnecessary HTTP methods are enabled on PEGA Developer Portal.
  8. CAPTCHA is missing on login form of PEGA Developer Portal.
  9. Browser autocomplete feature is not disabled in PEGA Developer Portal.
  10. Cookie attribute not set to HTTP only on PEGA Developer Portal.
  11. PEGA Developer Portal has no out-of-the-box adapter to ArcSight to collect logs.

Thanks for your response in advance.

Regards,

Suman Pyne.

Pega Marketing
Moderation Team has archived post