Suman Pyne (sumanpyne)

Posted: February 15, 2019
Last activity: April 16, 2019

PEGA patches for security vulnerabilities

Hi All,

Are there security patches available for PEGA Developer Portal for the below-mentioned security vulnerabilities?

  1. PEGA Developer Portal is vulnerable to Cross-Site Scripting (XSS) attack.
  2. Insecure Communication: PEGA Developer Portal is accessible over clear text HTTP protocol.
  3. PEGA Developer Portal is vulnerable to Cross-Site Request Forgery (CSRF) attack.
  4. Malicious files can be uploaded to the PEGA Developer Portal.
  5. PEGA Developer Portal user’s clear text password is stored in browser memory.
  6. PEGA Developer Portal is vulnerable to Clickjacking attack.
  7. Unnecessary HTTP methods are enabled on PEGA Developer Portal.
  8. CAPTCHA is missing on login form of PEGA Developer Portal.
  9. Browser autocomplete feature is not disabled in PEGA Developer Portal.
  10. Cookie attribute not set to HTTP only on PEGA Developer Portal.
  11. PEGA Developer Portal has no out-of-the-box adapter to ArcSight to collect logs.

Thanks for your response in advance.


Suman Pyne.

Pega Marketing
The Moderation Team has archived this post. This thread is closed to future replies. Content and links will no longer be updated. If you have the same or a similar question, please write a new Question.