CVE-2024-6700
📋 TL;DR
Pega Platform versions 8.1 through Infinity 24.1.2 contain a cross-site scripting (XSS) vulnerability in the application name field. This allows attackers to inject malicious scripts that execute in users' browsers when viewing affected application names. Organizations using vulnerable Pega Platform deployments are affected.
💻 Affected Systems
- Pega Platform
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Attackers could steal session cookies, perform actions as authenticated users, redirect to malicious sites, or deface the application interface.
Likely Case
Attackers could steal user session tokens or credentials, leading to account compromise and unauthorized access to sensitive data.
If Mitigated
With proper input validation and output encoding, the impact is limited to minor interface disruption without data compromise.
🎯 Exploit Status
XSS vulnerabilities typically have low exploitation complexity but require user interaction or social engineering.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Infinity 24.1.3 and later
Vendor Advisory: https://support.pega.com/support-doc/pega-security-advisory-c24-vulnerability-remediation-note
Restart Required: Yes
Instructions:
1. Upgrade to Pega Platform Infinity 24.1.3 or later.
2. Apply the patch following Pega's deployment procedures.
3. Restart the application server.
4. Verify the fix is applied.
🔧 Temporary Workarounds
Input Validation Filter
Implement server-side input validation to sanitize application name fields before processing.
Implement input validation in application logic to strip or encode HTML/JavaScript from application name inputs
Output Encoding
Apply proper output encoding when displaying application names in web interfaces.
Use HTML entity encoding (e.g., convert < to &lt; and > to &gt;) for all user-controlled data in HTML contexts
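The two workarounds above (server-side validation of the application name and entity encoding on output) are shown side by side below as an added example; this is not Pega code and says nothing about how the platform renders application names internally. The sample names, the `<h1>` wrapper markup, and the allow-list pattern for a "valid" application name are all constructed for the demonstration.

```python
import html
import re

# Constructed sample application names for the demonstration (not taken from the advisory).
SAMPLE_NAMES = [
    "Claims Processing",                 # benign
    "Orders <script>alert(1)</script>",  # markup injected into a text context
    'Intake" onmouseover="alert(1)',     # attribute breakout if the name lands in an attribute
]


def render_unsafe(app_name: str) -> str:
    """Vulnerable pattern: untrusted text concatenated straight into HTML,
    once in a text node and once inside a title attribute."""
    return f'<h1 class="app-title" title="{app_name}">{app_name}</h1>'


def render_encoded(app_name: str) -> str:
    """Hardened pattern: HTML-entity encode on output. quote=True also encodes
    double and single quotes, so one encoding covers both the text node and
    the quoted attribute value."""
    safe = html.escape(app_name, quote=True)
    return f'<h1 class="app-title" title="{safe}">{safe}</h1>'


# Hypothetical allow-list for an application name: letters, digits, space, _ . -
# and a sane length. Tighten or loosen to match the real naming rules.
_ALLOWED_NAME = re.compile(r"^[A-Za-z0-9 _.-]{1,64}$")


def validate_app_name(app_name: str) -> bool:
    """Server-side input validation (defence in depth alongside output encoding)."""
    return _ALLOWED_NAME.fullmatch(app_name) is not None


def count_tags(rendered: str) -> int:
    """Number of '<' characters in the rendered HTML. Our wrapper contributes
    exactly two (<h1 and </h1>); anything more came from the untrusted value."""
    return rendered.count("<")


def has_live_event_handler(rendered: str) -> bool:
    """True if an on*="..." attribute ended up as real markup rather than text."""
    return re.search(r'\son\w+="', rendered) is not None


if __name__ == "__main__":
    for name in SAMPLE_NAMES:
        print("name      :", repr(name), "valid:", validate_app_name(name))
        print("  unsafe  :", render_unsafe(name))
        print("  encoded :", render_encoded(name))
```

Running the script prints each sample name rendered both ways; for the two hostile names the unsafe rendering gains extra tags or a live `onmouseover` attribute, while the encoded rendering keeps exactly the two wrapper tags and shows the payload as inert text.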
🧯 If You Can't Patch
- Implement a web application firewall (WAF) with XSS protection rules
- Restrict access to Pega Platform administration interfaces to trusted networks only
🔍 How to Verify
Check if Vulnerable:
Check Pega Platform version via administrative interface or configuration files. If version is between 8.1 and 24.1.2 inclusive, the system is vulnerable.
Check Version:
Check PegaSystem.properties file or use Pega administrative console to view version information
Verify Fix Applied:
After patching, verify the version is 24.1.3 or later and test application name fields for XSS by attempting to inject basic script payloads.
📡 Detection & Monitoring
Log Indicators:
- Unusual application name modifications
- Requests containing script tags or JavaScript in application name parameters
Network Indicators:
- HTTP requests with suspicious payloads in application name fields
- Unexpected redirects from Pega application pages
SIEM Query:
source="pega_logs" AND (message="*<script>*" OR message="*javascript:*")
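The log and network indicators above, and the literal SIEM query, are worked through below as an added example (not Pega tooling and not Pega's log format). The log lines are constructed in a generic combined-log style; the `/prweb/app/rename` endpoint and the `appName` parameter are hypothetical stand-ins for whatever request actually sets an application name in a given deployment. The example goes one step beyond the page's query: it URL-decodes parameter values (including double encoding) before matching, and `siem_literal_match` reproduces the literal `*<script>*` / `*javascript:*` match so the two can be compared.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample log lines (generic combined-log style, hypothetical endpoint/parameter).
SAMPLE_LOGS = [
    '10.0.0.5 - admin [12/Jul/2024:10:01:02 +0000] "POST /prweb/app/rename?appName=Claims+Processing HTTP/1.1" 200',
    '10.0.0.9 - jdoe [12/Jul/2024:10:02:11 +0000] "POST /prweb/app/rename?appName=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200',
    '10.0.0.9 - jdoe [12/Jul/2024:10:03:40 +0000] "POST /prweb/app/rename?appName=<SCRIPT>alert(1)</SCRIPT> HTTP/1.1" 200',
    '10.0.0.7 - guest [12/Jul/2024:10:04:00 +0000] "GET /prweb/app/view?appName=Click+Me&target=javascript%3Aalert(1) HTTP/1.1" 200',
    '10.0.0.9 - jdoe [12/Jul/2024:10:05:15 +0000] "POST /prweb/app/rename?appName=%253Cscript%253Ealert(1)%253C%252Fscript%253E HTTP/1.1" 200',
    '10.0.0.5 - admin [12/Jul/2024:10:06:00 +0000] "GET /prweb/app/list HTTP/1.1" 200',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)

# Content that has no business in an application name: script tags, javascript: URLs
# and inline event-handler attributes. Case-insensitive and whitespace-tolerant.
SUSPICIOUS_RE = re.compile(r"<\s*script\b|javascript\s*:|\bon\w+\s*=", re.IGNORECASE)

# Hypothetical parameter names that carry the application name (compared lower-case).
APP_NAME_PARAMS = {"appname", "applicationname"}


def decode_fully(value: str, rounds: int = 3) -> str:
    """Undo up to `rounds` layers of percent-encoding so that %253C is seen as '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value


def scan_logs(lines):
    """Return one alert dict per suspicious query parameter value.
    Severity is 'high' when the value sits in the application-name field, else 'medium'."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # unparseable line: skip it rather than stop the pipeline
        rec = m.groupdict()
        # parse_qs already undoes one layer of percent-encoding and '+' for us.
        params = parse_qs(urlsplit(rec["path"]).query, keep_blank_values=True)
        for name, values in params.items():
            for once_decoded in values:
                decoded = decode_fully(once_decoded)
                if SUSPICIOUS_RE.search(decoded):
                    alerts.append({
                        "ts": rec["ts"], "ip": rec["ip"], "user": rec["user"],
                        "param": name, "value": decoded,
                        "severity": "high" if name.lower() in APP_NAME_PARAMS else "medium",
                        "double_encoded": decoded != once_decoded,
                    })
    return alerts


def siem_literal_match(line: str) -> bool:
    """Approximation of the page's SIEM query: a case-insensitive literal match on
    '<script>' or 'javascript:' anywhere in the raw message, with no decoding."""
    low = line.lower()
    return "<script>" in low or "javascript:" in low


if __name__ == "__main__":
    for a in scan_logs(SAMPLE_LOGS):
        print(a["severity"].upper(), a["ts"], a["user"], a["ip"], a["param"], repr(a["value"]))
    print("literal SIEM query would match:",
          [i for i, l in enumerate(SAMPLE_LOGS) if siem_literal_match(l)])
```

On the sample data the decoding scanner raises four alerts (three against the application-name field, one against another parameter carrying a `javascript:` URL), while the literal string match fires on only one line, the one where `<SCRIPT>` appears unencoded. That gap is the practical caveat for the query above: request logs usually hold the percent-encoded form, so match on decoded values, or add the encoded spellings (`%3Cscript`, `javascript%3A`) to the query.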