Hi Team,
Could you please suggest security vulnerability breaches in Pega 7.3.1 version for IDOR (Insecure Direct Object Reference) and CSRF attack fixes?
@Mohan_Billava please take a look at the announcements that are made on the Security Bulletins page.
You can also search through the Pega Security Advisory support documents which may or may not include references to existing hotfixes for your version.
If you experience any reproducible issues you can log these as support incidents on the My Support Portal in order that the team can check if you are missing any known hotfixes.
Pega 7.3.1 is now in extended support. See the full schedule here.
You can check the Resolved Issues pages for any XSS concerns you might have.
@MarijeSchillern Thanks for the details. Will have a look.
@MarijeSchillern We are still facing this issue. The given link doesn't have much info on Pega 7.3.1 security vulnerabilities.
@Mohan_Billava if you are experiencing a security concern in your environment, please could you log a support incident on the MSP?
The issue got resolved by adding a couple of DSS related to CSRF attack and creating a privilege rule for admin sections.
@Mohan_Billava We are having the same issue. What changes were made for this issue?
@KiranKS which measures did you already follow regarding Securing your application?
Understanding dynamic system settings
Pega Documentation
Mitigating common security vulnerabilities
About the bulk Revalidate and Save tool
Using the Revalidate and Save tool
Supported Content Security Policy (CSP) for Traditional UI and Constellation UI
Rich Text Editor issues caused by DOMPurifier filters for security
Preventing risk of XSS attack when specifying Label controls [SDR-A71]