Pega continually works to implement security controls designed to protect client environments. With this focus, Pega has issued patch releases/hotfixes for one high security vulnerability in Pega Platform. We would like to thank Tomasz Stachowicz for finding this vulnerability.
|
Advisory |
Description |
Impact |
|---|---|---|
|
G23 |
Generated PDF issue |
An issue was identified with generated PDF files, as part of the Collaboration Documents feature that could expose file contents.
Pega strongly recommends that all clients install the hotfix/ apply patch to ensure that this issue is addressed in their systems.
|
|
|
|
We are not aware of any clients being affected as a result of this issue. Out of an abundance of caution, we are taking the extraordinary step of issuing hotfixes for all versions affected.
The versions affected are listed below and the remediation for this issue will be provided in the 8.8.5, 23.1.1, and 24.1.0 product patch and higher releases. Hotfixes are available for the affected versions as listed below.
If you are a Pega Cloud client, your Pega Cloud® environments running the relevant Pega versions listed in the table below, are being proactively remediated by Pega. Cloud Maintenance [ CM ] cases are being created for each of your environments which will provide the schedule of when the hotfixes will be applied.
If you are a United States Pega Cloud for Government (PCFG) client, Service Request [ SR ] cases are being created which will provide the relevant hotfixes for you to apply to your PCFG environments.
If you are an on–premises or client managed cloud client, please review the tables below to determine which hotfixes correspond to your Pegasystems installation. Once you have determined the appropriate hotfix IDs, please submit hotfix requests using My Support Portal. As always, be sure you have appropriate backups in place before applying the hotfixes.
As always, we recommend our clients review our Security Checklist regularly.
CVE Details:
|
Details |
Issue: Generated PDF issue |
|---|---|
|
Software/Product |
Pega Platform |
|
Affected Version(s) |
8.2.1 to 23.1.0 |
|
CVSS Rating |
8.5 (High) |
|
CVE |
CVE-2023-50165 |
|
Description |
Generated PDF issue |
Hotfixes:
Hotfixes have been created for the affected patch releases. No restart is needed after installation.
As a best practice, you should update your Pega environment to the latest release to take advantage of the latest features, capabilities, and security and bug fixes. See Keeping current with Pega.
|
Version |
Hotfix |
|---|---|
|
8.2.1 |
HFIX-A1436 |
|
8.2.2 |
HFIX-A1435 |
|
8.2.3 |
HFIX-A1434 |
|
8.2.4 |
HFIX-A1433 |
|
8.2.5 |
HFIX-A1432 |
|
8.2.6 |
HFIX-A1431 |
|
8.2.7 |
HFIX-A1430 |
|
8.2.8 |
HFIX-A1429 |
|
8.3.0 |
HFIX-A1428 |
|
8.3.1 |
HFIX-A1427 |
|
8.3.2 |
HFIX-A1426 |
|
8.3.3 |
HFIX-A1425 |
|
8.3.4 |
HFIX-A1424 |
|
8.3.5 |
HFIX-A1423 |
|
8.3.6 |
HFIX-A1422 |
|
8.4.0 |
HFIX-A1421 |
|
8.4.1 |
HFIX-A1400 |
|
8.4.2 |
HFIX-A1399 |
|
8.4.3 |
HFIX-A1398 |
|
8.4.4 |
HFIX-A1397 |
|
8.4.5 |
HFIX-A1396 |
|
8.4.6 |
HFIX-A1395 |
|
8.5.1 |
HFIX-A1367 |
|
8.5.2 |
HFIX-A1366 |
|
8.5.3 |
HFIX-A1365 |
|
8.5.4 |
HFIX-A1364 |
|
8.5.5 |
HFIX-A1363 |
|
8.5.6 |
HFIX-A1362 |
|
8.6.0 |
HFIX-A1361 |
|
8.6.1 |
HFIX-A1360 |
|
8.6.2 |
HFIX-A1359 |
|
8.6.3 |
HFIX-A1358 |
|
8.6.4 |
HFIX-A1357 |
|
8.6.5 |
HFIX-A1356 |
|
8.6.6 |
HFIX-A1355 |
|
8.7.0 |
HFIX-A1354 |
|
8.7.1 |
HFIX-A1353 |
|
8.7.2 |
HFIX-A1352 |
|
8.7.3 |
HFIX-A1351 |
|
8.7.4 |
HFIX-A1350 |
|
8.7.5 |
HFIX-A1349 |
|
8.7.6 |
HFIX-A1348 |
|
8.8.0 |
HFIX-A1347 |
|
8.8.1 |
HFIX-A1346 |
|
8.8.2 |
HFIX-A1345 |
|
8.8.3 |
HFIX-A1272 |
|
8.8.4 |
HFIX-A1344 |
|
23.1.0 |
HFIX-A1343 |