4 matches found
CVE-2019-16387
PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/randomtoken/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchemaListDatabases request while using a low-privilege account. This can perform actions and retrieve data that only an administrator should have access to. NOTE: The vendor states that...
CVE-2019-16388
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/randomtoken/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and th...
CVE-2019-16388
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/randomtoken/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and th...
CVE-2019-16387
PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/randomtoken/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchemaListDatabases request while using a low-privilege account. This can perform actions and retrieve data that only an administrator should have access to. NOTE: The vendor states that...