Pega Platform Vulnerable to XXE Issue in PDF Generation
CVE-2023-50168

7.7HIGH

Key Information:

Vendor: Pegasystems
Status: Pega Platform
Vendor: CVE Published:; 14 March 2024

🔔 Create Pegasystems Vulnerability Alert

What is CVE-2023-50168?

The Pega Platform, spanning versions from 6.x to 8.8.4, contains a vulnerability related to XML External Entity (XXE) processing, which compromises the integrity and security of PDF Generation functionalities. This flaw can potentially be exploited by malicious actors, allowing them to access sensitive information and execute unauthorized actions within the application. Organizations utilizing these versions should prioritize remediation efforts in accordance with the latest security advisory from Pega Systems.

Affected Version(s)

Pega Platform 6.x < 8.8.5

References

https://support.pega.com/support-doc/pega-security-adviso...

CVSS V3.1

Score:

7.7

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2024
Vulnerability Reserved
Dec 4, 2023

Credit

Tomasz Stachowicz

CVE-2023-50168 Data

JSON