Design/Logic Flaw

2021-04-0119:15:00

PRIOn knowledge base

www.prio-n.com

5.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

32.3%

Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.

CPENameOperatorVersion
infinityge7.4.0
infinitylt8.5.3

CPE	Name	Operator	Version
	infinity	ge	7.4.0
	infinity	lt	8.5.3

References

collaborate.pega.com/discussion/pega-security-advisory-%E2%80%93-b21

robertwillishacking.com/census-vulnerability-exposes-10k-oauth-tokens-thousands-of-user-records/