Pega continually works to implement security controls designed to protect client environments. With this focus, Pega has issued patch releases for one medium security vulnerability in Pega Platform. We would like to acknowledge Jordan Lyons for finding this vulnerability.
| Advisory | Description | Impact | Remediation |
|---|---|---|---|
| F24 | Cross Site Scripting (XSS) vulnerability | Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it. | 23.1.4 Patch Release (12/13 availability); 24.1.2 Patch Release (available); 24.2.1 Patch Release; 25.1.0 Release |
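The advisory describes the vulnerability class only. The following is an added illustration, not code from Pega or from this advisory, of how a stored XSS in user-controlled profile data arises and how output encoding removes it; the function names (`renderProfileUnsafe`, `renderProfile`, `looksLikeMarkup`) and the profile shape are assumptions made for the example.

```javascript
// Added example (not Pega's code): a stored profile field rendered into HTML,
// first without encoding (the vulnerable pattern) and then with encoding (the fix).
// The profile shape and function names are assumptions for illustration.

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode a value for safe insertion into HTML element content or a quoted attribute.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: stored profile data is concatenated straight into markup,
// so any markup a user saved in their profile is interpreted by every viewer's browser.
function renderProfileUnsafe(profile) {
  return `<div class="profile"><h2>${profile.displayName}</h2><p>${profile.bio}</p></div>`;
}

// Hardened pattern: every untrusted field is encoded at the point it is placed into HTML.
function renderProfile(profile) {
  return `<div class="profile"><h2>${escapeHtml(profile.displayName)}</h2><p>${escapeHtml(profile.bio)}</p></div>`;
}

// Review aid for data already stored: flag values that contain an HTML tag or an
// event-handler-style attribute so they can be inspected before or after patching.
function looksLikeMarkup(value) {
  const s = String(value);
  return /<\s*\/?\s*[a-z][^>]*>/i.test(s) || /\bon[a-z]+\s*=/i.test(s);
}

// Constructed sample profile: the bio contains a tag that must never execute.
const sampleProfile = { displayName: 'J. Doe', bio: 'Hi <script>probe()</script> there' };

console.log(renderProfileUnsafe(sampleProfile)); // tag reaches the browser intact
console.log(renderProfile(sampleProfile));       // tag is rendered as literal text
console.log(looksLikeMarkup(sampleProfile.bio)); // true: worth reviewing
```

Encoding at the point of output, rather than filtering at the point of input, is the control that closes this class regardless of how the value reached the database; the `looksLikeMarkup` scan only helps locate existing records for review and is not a substitute for encoding.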
We are not aware of any of our clients being compromised as a result of this vulnerability.
The remediation for this issue will be included as part of the product in the patch releases of the Pega Platform listed above.
We will not provide hotfixes for this Security Advisory, nor will we provide steps as part of a local change.
Information regarding the availability of remediations will be publicly posted on Pega Support Center on January 13, 2024. We request that clients not discuss this in public forums until after it’s been publicly posted.
As always, we recommend our clients review our Security Checklist regularly.
Hotfixes
We will not provide hotfixes for this Security Advisory. Remediation is available in the listed Patch releases.
As a best practice, you should update your Pega environment to the latest release to take advantage of the latest features, capabilities, and security and bug fixes. See Keeping current with Pega.
Dates for upcoming patch releases can be found here: Pega Infinity Patch Calendar.
CVE Details
| CVE Details | Stored XSS issue with profile |
|---|---|
| Software/Product | Pega Platform |
| Affected Version(s) | From 8.1 to 24.2.0 |
| CVE ID | CVE-2024-12211 |
| CVSS Rating | Medium – 5.4 |
| Description | Stored Cross Site Script (XSS) vulnerability |
If you have any questions or concerns, please raise a Support ticket with Global Client Support in My Support Portal for assistance.