Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 sri palle (srip4611) Express scripts
Express scripts
US
srip4611 Member since 2016 2 posts
Express scripts
Posted: May 25, 2016
Last activity: Jul 6, 2016
Posted: 25 May 2016 12:16 EDT
Last activity: 6 Jul 2016 11:53 EDT
Closed

Missing functional level access in pega 6.1 sp2

Hi, We have issue missing functional level access in Pega 6.1 sp2 version application. what observed is, there is a vulnerable URL which has pyRulesHome in it. from  this vulnerable url users are able to access unauthorized pages. so in pega 7.1 version in pyRulesHome there is code written with a when condition to check if they have opendeveloperform privilege. if users have the privilege then they can aceess. but in 6.1 sp2 version what could be the fix??

To see attachments, please log in.
Security

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice