Closed
PEGA patches for security vulnerabilities
Hi All,
Are there security patches available for PEGA Developer Portal for the below mentioned security vulnerabilities?
- PEGA Developer Portal is vulnerable to Cross-Site Scripting (XSS) attack.
- Insecure Communication, PEGA Developer Portal is accessible over clear text HTTP protocol.
- PEGA Developer Portal is vulnerable to Cross-Site Request Forgery (CSRF) attack.
- Malicious files can be uploaded to the PEGA Developer Portal.
- PEGA Developer Portal user’s clear text password is stored in browser memory
- PEGA Developer Portal is vulnerable to Clickjacking attack
- Unnecessary HTTP methods are enabled on PEGA Developer Portal
- CAPTCHA is missing on login form of PEGA Developer Portal
- Browser autocomplete feature is not disabled in PEGA Developer Portal
- Cookie attribute not set to HTTP only on PEGA Developer Portal
- PEGA Developer Portal has no out-of-the-box adapter to ArcSight to collect logs
Thanks for your response in advance.
Regards,
Suman Pyne.