CVE-2019-16386

26.11.2019, 18:15

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect

Forced Browsing

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.3 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
mitre	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 47%

Vendor	Product	Version
pega	pega_platform	7.1.0 ≤ 𝑥 ≤ 7.4.0
pega	pega_platform	8.1.0 ≤ 𝑥 ≤ 8.3.1

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-425 - Direct Request ('Forced Browsing')
The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References

https://blog.cybercastrum.com/2019/11/25/cve-2019-16386/