PT-2017-11956 · Pegasystems · Pega Platform
Daniel Correa
·
Published
2017-08-02
·
Updated
2017-09-08
·
CVE-2017-11356
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
PEGA Platform versions 7.2 ML0 and earlier
Description
The issue concerns a missing access control in the application distribution export functionality, allowing remote authenticated users with certain privileges to obtain sensitive configuration information.
Recommendations
For PEGA Platform versions 7.2 ML0 and earlier, consider restricting access to the application distribution export functionality to minimize the risk of exploitation until a fix is available.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Pega Platform