// For flags

CVE-2017-11356

PEGA Platform <= 7.2 ML0 - Missing Access Control / Cross-Site Scripting

Severity Score

6.5
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.

La funcionalidad de exportación de distribuciones de aplicaciones en PEGA Platform 7.2 ML0 y anteriores permite que los usuarios autenticados con los privilegios adecuados obtengan información sensible de configuraciones usando un control de acceso que no existía.

PEGA Platform versions 7.2 ML0 and below suffer from missing access control and cross site scripting vulnerabilities.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Partial
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-07-16 CVE Reserved
  • 2017-07-17 CVE Published
  • 2023-09-28 EPSS Updated
  • 2024-08-05 CVE Updated
  • 2024-08-05 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Pega
Search vendor "Pega"
 Pega Platform
Search vendor "Pega" for product "Pega Platform"
 <= 7.2_ml0
Search vendor "Pega" for product "Pega Platform" and version " <= 7.2_ml0"
-
Affected