Skip to main content

This content is closed to future replies and is no longer being maintained or updated.
Links may no longer function. If you have a similar request, please write a new post.

Question

 cmu ftb (cmurocks)
FTB

FTB
US
cmurocks Member since 2016 2 posts
FTB
Posted: Aug 29, 2018
Last activity: Sep 10, 2018
Posted: 29 Aug 2018 12:36 EDT
Last activity: 10 Sep 2018 15:47 EDT
Closed

pega.pegarules vulnerable OSS JAR dependencies

what version of PEGA CM addresses/fixes these vulnerabilities?

CVE-2018-10237 Guava is vulnerable to Denial of Service (DoS).

CVE-2016-1000031 Apache Commons FileUpload library Apache Commons FileUpload before 1.3.3 is vulnerable to an arbitrary file relocation and file copy which can potentially lead to Remote Code Execution (RCE).

To see attachments, please log in.
Java and Activities
Case Management
Security

Posted: 6 years ago
Posted: 10 Sep 2018 15:47 EDT
Brad Tainter (Br@dTainter_GCS)
PEGA
Fellow, Technical Support, Platform Service
Pegasystems Inc.
US

Hi CMURocks,

Please open up an SR to have these issues evaluated.  Once you open the SR, please reply back here with the SR#.

Thanks!

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice