Skip to main content

Question

 Sumita Nanda (sumitananda)
Cognizant Technology Solutions
Sumita Nanda
Cognizant Technology Solutions
NL
sumitananda Member since 2008 3 posts
Cognizant Technology Solutions
Posted: May 7, 2024
Last activity: May 22, 2024
Posted: 7 May 2024 13:40 EDT
Last activity: 22 May 2024 11:50 EDT
Solved

Pent test finding for Vulnerable software in Pega application

During the Pent test of one of our Pega applications built  in version 8.7.4, it was found that application uses components with known vulnerabilities. Apache TomCat, version 9.0.17. Is there any hotfix available for the same?

***Edited by Moderator Rupashree S. to add Capability tags***
To see attachments, please log in.
Pega Platform 8.7.4
Data Integration
Testing Applications
Security

  • Reply

Accepted Solution

Posted: 6 months ago
Updated: 6 months ago
Posted: 15 May 2024 9:37 EDT
Updated: 22 May 2024 11:50 EDT
Marije Schillern (MarijeSchillern)
MOD
Senior Knowledge Management Specialist
Pegasystems Inc.
GB

@sumitananda  Pega does not provide hotfixes for third-party software vulnerabilities like Apache Tomcat. It is recommended to update your Apache Tomcat version to a version where the vulnerabilities are fixed. Pega 8.7.4 can run on any Apache Tomcat 9.x version

⚠ This is a GenAI-powered tool. All generated answers require validation against the provided references.

How to fix Tomcat 9.0 vulnerabilities in Pega Platform 8.3.1

Upgrade to Apache 9.0.58 for Pega 8.5.5

Pega 8.7.4 in Tomcat 10

Tomcat 9.0.39 is recommended for Pega 7.3.1?

 

Please also review the Important Links on the PSC landing page: Review Security Advisories and the main portal Security Bulletins

 

To see attachments, please log in.

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice