Description
Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.
Problem types
CWE-639: Authorization Bypass Through User-Controlled Key
Product status
8.3.0 (custom) before Infinity 25.1.3
Credits
Mohammed F. Alaskar from Saudi Awwal Bank Cybersecurity Team
References
support.pega.com/...isory-i25-vulnerability-remediation-note
support.pega.com/...isory-h26-vulnerability-remediation-note