Question

1
Replies
452
Views
Dmitriy Barykin (DmitriyB4284)
Lanit

Lanit
RU
DmitriyB4284 Member since 2018 2 posts
Lanit
Posted: January 13, 2021
Last activity: January 14, 2021
Posted: 13 Jan 2021 6:56 EST
Last activity: 14 Jan 2021 8:01 EST

SECU0019 Unauthorized request detected when using OOTB control

We recently moved from Pega 7.2.2 to 8.4.3 and came across a problem - clicking on filter icon in Table causes Security Alert:

Unauthorized request detected : Unregistered request encountered for activity pzRunActionWrapper 

and there is a warning message on UI:

URL tampering vulnerability detected.

 

This article https://community.pega.com/knowledgebase/articles/security/85/verify-requests-application-layer implies that this warning only appears when using custom non-autogenerated controls, however we are using OOTB table filtering functionality, we don't have any custom controls or Run Script actions in our application.

Is this Pega's defect or do we need to change some settings in our application after moving from 7.2.2? Will this be fixed in 8.5 since pyBlockUnregisteredRequests will be blocking unregistered requests by default?

Pega Platform 8.4.3 Security