PT-2023-23600 · Pegasystems · Pega Platform

Mohamad Shokor

·

Publicado

2023-08-07

·

Atualizado

2023-08-10

·

CVE-2023-32090

CVSS v3.1

9.8

Crítica

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions Pega platform versions 6.1 through 7.3.1
Description The issue concerns the use of default credentials by Pega platform clients. This could potentially lead to unauthorized access.
Recommendations For versions 6.1 through 7.3.1, change the default credentials to custom, secure credentials to prevent unauthorized access.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-1393CWE-287

Identificadores relacionados

CVE-2023-32090

Produtos afetados

Pega Platform