Question
TDI System Service CO.,LTD.
JP
Last activity: 21 Dec 2023 8:02 EST
Hotfix(Pega Security Advisory C22 Vulnerability – Hotfix Matrix.)適用を回避し、脆弱性の対策をする方法
Pega Support 担当者さま
お世話になっております。天野と申します。
〇問い合わせ内容
Pega Security Advisory C22 Vulnerability – Hotfix Matrix.で対策される脆弱性について、外部からの攻撃で利用されるTCP/IPポート、プロトコルをご連絡ください。または、Hotfixの適用を回避し脆弱性の対策をする方法があればご教示ください。
〇背景
アップグレード、パッチ適用は実施せず運用する方針としています。 Pegaに適用するHotfixとしてPega Security Advisory C22 Vulnerability – Hotfix Matrix.がリリースされていますが、パッチ適用ではなく、外部からの攻撃に利用されるTCP/IPポートのFireWallでの閉塞によって脆弱性対策とする計画をしています。
以上、よろしくお願いします。
※問い合わせ内容に不適切な部分がありましたため修正しました。
======================== Translation via Web =========================
" Pega Security Advisory C22 Vulnerability – Please inform us of the TCP/IP ports and protocols used for external attacks regarding the vulnerabilities covered by the Hotfix Matrix. Or, if there is a way to avoid applying the hotfix and take countermeasures against the vulnerability, please let me know. 〇Background Chubu Electric Power's policy is to operate without upgrading or applying patches. Pega Security Advisory C22 Vulnerability – Hotfix Matrix. has been released as a hotfix for Pega, but Chuden CTI is vulnerable not by applying the patch but by blocking the TCP/IP port used for external attacks with FireWall. "
======================================================
***Edited by Moderator Marije to add new Support ticket ID***
Accepted Solution
Updated: 21 Dec 2023 8:02 EST
Pegasystems Inc.
GB
@RyotaA16754438 thank you.
The answer provided in the support ticket on the 18th is that This applies only to operators utilizing basic/local authentication from the web browser (please note: Externally authenticated users are not impacted, i.e. those connecting via SSO), hence the TCP/IP protocols are not involved. You can restrict the access to certain IP's if you are aware of the IP address range of the users who are accessing the system instead. However our recommendation is to install the hotfix and follow the recommendations as per the CAD.
Pegasystems Inc.
GB
@RyotaA16754438 all the information is in the advisory: Pega Security Advisory C22 Vulnerability – Hotfix Matrix.
Please contact your Account Executive if you have any questions.
TDI System Service CO.,LTD.
JP
@MarijeSchillern Thank you for your reply.
I read the advisory. But sorry, I can't understand the port and protocol that cyberattack using.
The ports and protocol are not mentioned in the advisory.
Could you tell me the ports and connecting protocols exploited in the Security Vulnerabilities ?
Pegasystems Inc.
GB
@RyotaA16754438 I cannot provide you with that information. Please can I ask that you log a support incident for this on the MSP?
Please provide the INC id here so that we can help track this.
TDI System Service CO.,LTD.
JP
Accepted Solution
Updated: 21 Dec 2023 8:02 EST
Pegasystems Inc.
GB
@RyotaA16754438 thank you.
The answer provided in the support ticket on the 18th is that This applies only to operators utilizing basic/local authentication from the web browser (please note: Externally authenticated users are not impacted, i.e. those connecting via SSO), hence the TCP/IP protocols are not involved. You can restrict the access to certain IP's if you are aware of the IP address range of the users who are accessing the system instead. However our recommendation is to install the hotfix and follow the recommendations as per the CAD.