Skip to main content

Pega Platform CVE-2017-11356

MEDIUM
Information Exposure (CWE-200)
2017-08-02 cve@mitre.org
6.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 02, 2017 - 19:29 cve.org
MEDIUM 6.5

DescriptionCVE.org

The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.

AnalysisAI

The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Exposure of Sensitive Information (CWE-200), which allows attackers to access sensitive data that should not be disclosed. The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control. Affected products include: Pega Pega Platform.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Minimize information in error messages, implement proper access controls, encrypt sensitive data at rest and in transit.

CVE-2019-16387 HIGH POC
8.1 Nov 26

PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_Li

CVE-2017-11355 MEDIUM POC
6.1 Aug 02

Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to injec

CVE-2020-23957 MEDIUM POC
6.1 Dec 15

Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by

CVE-2023-32090 CRITICAL
9.8 Aug 07

Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials. Rated critical seve

CVE-2023-28094 CRITICAL
9.8 Jun 22

Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be util

CVE-2020-8774 HIGH
8.8 Apr 29

Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID"

CVE-2019-16388 MEDIUM POC
4.3 Nov 26

PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAle

CVE-2019-16386 MEDIUM POC
4.3 Nov 26

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivi

CVE-2025-2160 HIGH
8.1 Apr 14

Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup. Rated high severity (CVSS 8.1)

CVE-2025-2161 HIGH
7.1 Apr 14

Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup. Rated high severity (CVSS 7.1)

CVE-2023-26465 MEDIUM
6.1 Jun 09

Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. Rated medium severity (CVSS 6.1), this vulnerability i

CVE-2022-35655 MEDIUM
6.1 Aug 22

Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. Rated mediu

Share

CVE-2017-11356 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy