CVE-2017-11356

Опубликовано: 02 авг. 2017

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.

Ссылки

http://seclists.org/fulldisclosure/2017/Jul/28
Mailing List
Third Party Advisory
https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-11355-and-cve-2017-11356/pegasystems-security-bulletin-cve
https://www.exploit-db.com/exploits/42335/
http://seclists.org/fulldisclosure/2017/Jul/28
Mailing List
Third Party Advisory
https://pdn.pega.com/pegasystems-security-bulletin-cve-2017-11355-and-cve-2017-11356/pegasystems-security-bulletin-cve
https://www.exploit-db.com/exploits/42335/

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pega:pega_platform:*:*:*:*:*:*:*:*

Версия до 7.2_ml0 (включая)

EPSS

Процентиль: 86%

0.03027

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-2vhh-w2xx-g27v