Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 Kiran Kumar Sangaraju (KiranKS)
Ministry of Education Saudi Arabia
Kiran Kumar Sangaraju
Ministry of Education Saudi Arabia
SA
KiranKS Member since 2018 22 posts
Ministry of Education Saudi Arabia
Posted: Jun 1, 2022
Last activity: Jun 8, 2022
Posted: 1 Jun 2022 3:42 EDT
Last activity: 8 Jun 2022 9:15 EDT
Closed
Solved

Pega Platform is affected by Cross Site Scripting (XSS) via the ConnectionID parameter : CVE-2020-23957

Security team identified Vulnerability CVE-2020-23957 in Pega 7.3.1 and i could see this is specified in Pega security bulletin as well.

Pega Platform is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI.

https://www.pega.com/trust/security-bulletins

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-23957

Is there a fix available for this vulnerability in Pega 7.3.1?

 



***Edited by Moderator Marije to add Support Case Details; update capability tags***
To see attachments, please log in.
Pega Platform
Security
Lead System Architect
Support Case Parallel

Accepted Solution

Posted: 2 years ago
Updated: 2 years ago
Posted: 1 Jun 2022 7:14 EDT
Updated: 8 Jun 2022 9:15 EDT
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@KiranKS  yes in the support ticket that you have already logged please request HFIX-68904.

Alternatively log a new 'Request HFIX' ticket and let the team know.

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice