PT-2023-30848 · Pegasystems · Pega Platform

Iulian Florea · Published 2023-09-08 · Updated 2023-09-12 · CVE-2023-4843

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Pega Platform versions 7.1 to 8.8.3

Description

The issue is an HTML Injection problem with a name field used in Visual Business Director. This field can only be modified by an authenticated administrative user.

Recommendations

For Pega Platform versions 7.1 to 8.8.3, consider restricting access to the name field in Visual Business Director to prevent unauthorized modifications until a fix is available. As a temporary workaround, ensure that only trusted administrative users have access to this field.

Fix

Special Elements Injection

XSS

Weakness Enumeration

Related identifiers

CVE-2023-4843

Affected products

Pega Platform