Pegasystems · Pega Platform · CVE-2017-11355
**Name of the Vulnerable Software and Affected Versions**
PEGA Platform versions 7.2 ML0 and earlier
**Description**
The issue allows remote attackers to inject arbitrary web script or HTML (cross-site scripting) via specific inputs: the `PATH_INFO` to the main page, the `beanReference` parameter to the JavaBean viewer page, or the `pyTableName` parameter to the System database schema modification page.
**Recommendations**
For PEGA Platform versions 7.2 ML0 and earlier, consider restricting access to the main page, JavaBean viewer page, and System database schema modification page until a fix is available. As a temporary workaround, avoid using the `beanReference` parameter and the `pyTableName` parameter on their respective pages to minimize the risk of exploitation.
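
While access is being restricted, web access logs can be reviewed for requests that place HTML metacharacters in the three inputs named in the description. The following Python script is an added example, not part of the original advisory or any vendor code. It assumes a common access-log request format, treats the whole URL path as `PATH_INFO` because the advisory does not give the page URLs, and uses constructed addresses and paths.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Parameters named in the advisory; PATH_INFO is checked separately.
WATCHED_PARAMS = {"beanReference", "pyTableName"}
# Characters that let a reflected value break out of HTML or attribute context.
MARKUP = re.compile(r"[<>\"'`]")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')


def fully_decode(value, rounds=3):
    """Percent-decode repeatedly so double-encoded markup is not missed."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_fields(request_target):
    """Return sorted names of advisory-listed inputs that carry markup."""
    parts = urlsplit(request_target)
    hits = set()
    if MARKUP.search(fully_decode(parts.path)):
        hits.add("PATH_INFO")
    # parse_qsl decodes once; fully_decode handles nested encoding.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name in WATCHED_PARAMS and MARKUP.search(fully_decode(value)):
            hits.add(name)
    return sorted(hits)


def scan(log_lines):
    """Yield (line_number, fields) for access-log lines worth reviewing."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        fields = suspicious_fields(match.group(1)) if match else []
        if fields:
            yield number, fields


# Constructed sample lines; addresses and paths are hypothetical placeholders.
SAMPLE_LOG = [
    '192.0.2.6 - - [01/Jan/2018:10:00:01 +0000] "GET /app/bean?beanReference=%3Cb%3Ex HTTP/1.1" 200 900',
    '192.0.2.7 - - [01/Jan/2018:10:00:02 +0000] "GET /app/schema?pyTableName=%253Cb%253E HTTP/1.1" 200 700',
    '192.0.2.8 - - [01/Jan/2018:10:00:03 +0000] "GET /app/main/%22%3E HTTP/1.1" 200 512',
    '192.0.2.9 - - [01/Jan/2018:10:00:04 +0000] "GET /app/bean?beanReference=orderBean HTTP/1.1" 200 300',
]
```

Calling `list(scan(SAMPLE_LOG))` flags the first three constructed lines and passes the last, whose `beanReference` value contains no markup characters.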