Enhanced Security for Case History Access
Pega continually works to implement security controls designed to protect client environments. With this focus, Pega has identified one medium security vulnerability in Pega Launchpad:
|
Advisory |
Description |
Impact |
Remediation |
|
Enhanced Security for Case History Access
|
Currently, authenticated users without the necessary permissions to access a case can view its history details through API calls.
|
|
We are actively addressing this issue, and the fix is expected to be deployed to production by February 25th, 2025.
|
We are not aware of any of our clients being compromised as a result of this vulnerability.
The necessary Pega Launchpad changes will be activated on February 25th, 2025.
Information regarding the vulnerability will be publicly posted on Pega Support Center on March 4th, 2025. In order to give all Pega clients time to address any impact on their application, we request that clients not discuss this in public forums until after it’s been publicly posted.
As always, we recommend our clients review our Provider Responsibilities for Pega Launchpad regularly.
If you are concerned your application may be affected by this issue please contact [email protected] for further assistance.