CVE-2019-16386

2019-11-26T18:15:00
ID CVE-2019-16386
Type cve
Reporter cve@mitre.org
Modified 2019-12-19T22:15:00

Description

DISPUTED PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect.