Symptoms
Applying the hotfix A22 to Pega Platform with the enableJavaInjectionMitigation DSS enabled can cause a “Vulnerable code” exception for the Push Listener Status Info agent.
The DSS Pega-Engine.security/enableJavaInjectionMitigation is enabled when its value is set to true:
RuleSet: Pega-Engine
Purpose: security/enableJavaInjectionMitigation
Value: true
The PegaAESRemote Push Listener Status Info agent throws a “Vulnerable code” exception while executing the agent activity.
Errors
Class: com.pega.pegarules.pub.PRRuntimeException
Message: Java code injection pattern identified in the java source code. Vulnerable code detected: java.lang.reflect.Method getEnabledListenersMethodRef = listenerManagement...
Environments
The problem occurs on Pega Platform versions 8.1 - 8.7.
Solution
To resolve this issue, follow these steps:
- Download the product rule component for your Pega Platform version. The versions are listed in the RAP Matrix table below.
- Use the Import wizard to install the product rule (use a secured login URL, for example, https).
For more information, see Importing rules and data from a product rule by using the Import wizard.
What to do next:
After importing the RAP, restart the “Push Listener Status Info” agent in the PegaAESRemote ruleset. For more information, see How to restart the agent.
RAP Matrix
The enhanced PegaAESRemote “Push Listener Status Info” is available for the following versions of Pega Platform:
Pega Version | RAP
8.1.x |
8.2.x |
8.3.x |
8.4.x | PEGA84PushListener (Download)
8.5.x |
8.6.x |
8.7.x |