Pega continually works to implement security controls designed to protect client environments.
With this focus, Pega has issued hotfixes for a critical security vulnerability in Pega Platform. The vulnerability was found by a client performing penetration testing on their application, and it affects versions 7.3.1 through 8.7.2 of Pega Infinity. We would like to thank Lewis Churchill, Daniel Wiseman and Alan Tran for finding this vulnerability.
We are not aware of any of our clients being compromised as a result of this vulnerability.
To block malicious actors from exploiting this vulnerability, Pega has created a C22 Hotfix for each affected version to remediate this issue.
If you are a Pega Cloud client, your Pega Cloud® environments running the affected Pega versions are being proactively remediated by Pega. A CM case is being created for each of your environments, providing the schedule for when the hotfix will be applied.
If you are a Pega Cloud for Government (PCFG) client, an SR case is being created that will provide the relevant hotfix for you to apply to your PCFG environments. A system restart, performed by the Pega Cloud team, will then be required for the hotfix to take effect.
If you are an on-premises client, please review the table below to determine which hotfix corresponds to your Pegasystems installation. Once you have determined the appropriate hotfix ID, submit a hotfix request through My Support Portal. As always, ensure you have appropriate backups in place before applying the hotfix. Note that a system restart is required for the hotfix to take effect.
Reissue of 7.4 hotfix [HFIX-83599] on 12th July 2022
As part of the C22 Security Advisory, a hotfix was created for version 7.4: HFIX-83599. Clients who have already installed this fix are protected against the C22 issue it was created for. However, some clients have run into errors related to missing dependent clauses. Affected clients have been notified and urged to download the updated hotfix.
Hotfixes:
Version | Hotfix
7.3.1 | HFIX-83600
7.4 | HFIX-83599
8.1 | HFIX-83598
8.1.1 | HFIX-83597
8.1.2 | HFIX-83596
8.1.3 | HFIX-83595
8.1.4 | HFIX-83594
8.1.5 | HFIX-83593
8.1.6 | HFIX-83592
8.1.7 | HFIX-83591
8.1.8 | HFIX-83590
8.1.9 | HFIX-83589
8.2.1 | HFIX-83588
8.2.2 | HFIX-83587
8.2.3 | HFIX-83586
8.2.4 | HFIX-83584
8.2.5 | HFIX-83583
8.2.6 | HFIX-83582
8.2.7 | HFIX-83581
8.2.8 | HFIX-83580
8.3 | HFIX-83579
8.3.1 | HFIX-83578
8.3.2 | HFIX-83577
8.3.3 | HFIX-83576
8.3.4 | HFIX-83575
8.3.5 | HFIX-83574
8.3.6 | HFIX-83573
8.4.0 | HFIX-83572
8.4.1 | HFIX-83571
8.4.2 | HFIX-83570
8.4.3 | HFIX-83569
8.4.4 | HFIX-83568
8.4.5 | HFIX-83567
8.4.6 | HFIX-83566
8.5.1 | HFIX-83565
8.5.2 | HFIX-83564
8.5.3 | HFIX-83563
8.5.4 | HFIX-83562
8.5.5 | HFIX-83561
8.5.6 | HFIX-83560
8.6 | HFIX-83558
8.6.1 | HFIX-83559
8.6.2 | HFIX-83630
8.6.3 | HFIX-83631
8.6.4 | HFIX-83632
8.7 | HFIX-83633
8.7.1 | HFIX-83634
8.7.2 | HFIX-83635