CVE-2024-6702
📋 TL;DR
Pega Platform versions 8.1 through Infinity 24.1.2 contain an HTML injection vulnerability in the Stage component that allows attackers to inject malicious HTML content. This affects organizations using Pega Platform for business process management and customer engagement. The vulnerability could lead to phishing attacks or session hijacking when users interact with manipulated content.
💻 Affected Systems
- Pega Platform
⚠️ Risk & Real-World Impact
Worst Case
Attackers could inject malicious scripts to steal user credentials, session tokens, or redirect users to phishing sites, potentially leading to account compromise and data theft.
Likely Case
Attackers inject phishing forms or deceptive content to trick users into revealing credentials or sensitive information.
If Mitigated
With proper input validation and output encoding, the injected content would be rendered harmless as plain text.
🎯 Exploit Status
Exploitation requires the ability to inject HTML into the Stage component, which typically requires some level of access to the application.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Infinity 24.1.3 and later
Vendor Advisory: https://support.pega.com/support-doc/pega-security-advisory-c24-vulnerability-remediation-note
Restart Required: Yes
Instructions:
1. Upgrade to Pega Platform Infinity 24.1.3 or later.
2. Apply the patch following Pega's deployment procedures.
3. Restart the Pega Platform services.
4. Validate that the fix is applied correctly.
🔧 Temporary Workarounds
Input Validation Enhancement
Implement additional input validation and output encoding for Stage component inputs
Implement input validation rules in Pega Platform to sanitize HTML content in Stage fields
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to detect and block HTML injection attempts
- Restrict access to Stage functionality to trusted users only and implement strict input validation
🔍 How to Verify
Check if Vulnerable:
Check Pega Platform version in System Administration portal or via PRPC version API
Check Version:
Access Pega Platform System Administration > About Pega Platform or use PRPC API endpoint
Verify Fix Applied:
Verify version is 24.1.3 or later and test Stage functionality with HTML injection attempts
📡 Detection & Monitoring
Log Indicators:
- Unusual HTML content in Stage-related logs
- Multiple failed HTML injection attempts in application logs
Network Indicators:
- HTTP requests containing suspicious HTML tags or scripts targeting Stage endpoints
SIEM Query:
source="pega_logs" AND ("Stage" OR "HTML injection") AND ("<script>" OR "javascript:" OR "onclick=")
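As an added example (not part of the original advisory and not Pega's own code), the following Python mirrors the SIEM query above as local detection logic over log lines, and pairs it with the output-encoding mitigation described under "If Mitigated". The log lines are constructed samples in a generic timestamp/level/message layout; that layout, the `user=` field and the function names are assumptions, not the real Pega log format.

```python
import html
import re
from typing import List, Optional

# Constructed sample log lines (assumed layout; NOT real Pega Platform output).
SAMPLE_LOGS = [
    '2024-07-11T10:02:13Z INFO  Stage field updated by user=alice value="Review request"',
    '2024-07-11T10:02:41Z INFO  Stage field updated by user=mallory value="<script>alert(1)</script>"',
    '2024-07-11T10:03:05Z WARN  HTML injection attempt rejected for field=Stage value="<a href=javascript:void(0)>"',
    '2024-07-11T10:03:22Z INFO  Case moved to next Stage by user=bob',
    '2024-07-11T10:04:00Z INFO  Login succeeded for user=carol onclick=none',
]

# The two halves of the page's SIEM query: a context term AND a payload marker.
CONTEXT_TERMS = ("stage", "html injection")
PAYLOAD_MARKERS = ("<script>", "javascript:", "onclick=")

_USER_RE = re.compile(r"\buser=(\w+)")


def matches_siem_query(line: str) -> bool:
    """Return True when the line satisfies
    ("Stage" OR "HTML injection") AND ("<script>" OR "javascript:" OR "onclick=").
    Matching is case-insensitive, as free-text SIEM search usually is."""
    lowered = line.lower()
    has_context = any(term in lowered for term in CONTEXT_TERMS)
    has_payload = any(marker in lowered for marker in PAYLOAD_MARKERS)
    return has_context and has_payload


def extract_user(line: str) -> Optional[str]:
    """Pull the acting user out of a matched line for triage (assumed 'user=' field)."""
    match = _USER_RE.search(line)
    return match.group(1) if match else None


def scan_logs(lines: List[str]) -> List[str]:
    """Return only the lines a SIEM alert on the page's query would have fired on."""
    return [line for line in lines if matches_siem_query(line)]


def render_stage_value(value: str) -> str:
    """Output-encode a Stage field value so any HTML in it renders as plain text.
    This is the mitigation the advisory describes: the markup is preserved
    as visible characters but is never interpreted by the browser."""
    return html.escape(value, quote=True)


if __name__ == "__main__":
    for hit in scan_logs(SAMPLE_LOGS):
        print(f"ALERT user={extract_user(hit)} line={hit}")
    print("encoded:", render_stage_value(SAMPLE_LOGS[1]))
```

The last line of the usage shows the point of the mitigation: once a Stage value is passed through `render_stage_value`, the `<script>` marker no longer exists in the rendered output, so the same detection rule finds nothing to flag and the browser has nothing to execute. Note that the query, like the page's SIEM search, is keyword-based and will miss payloads that avoid those three markers; treat it as a starting rule rather than complete coverage.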