Sensitive information disclosure due to improper access control: CVE-2020-15390

jayaram krishna kumar
Apr 12, 2021


Hi Everyone,

Welcome back with a new CVE disclosure. This issue was discovered back in early 2020, and I have not had time to publish it until now because of a lot going on in my personal life.

While I was assigned to test an application in my current org, I found that the Pega framework did not isolate the privileges of a few endpoints that should ideally be accessible only to the admin of the system.

This can be called a vertical privilege escalation within an app developed on the Pega framework.

A few hardening steps in the Pega system can be taken to avoid access-control vulnerabilities of the kind described below.

Vulnerability:

Affected version: ≥ 8.4x

Vulnerable endpoint: GetWebInfo

Sample URL: https://redected.com/prweb/PRWebLDAP1/ywAuTRuvwBNAK1yKa9GHbQ%5B%5B*/!STANDARD?pyActivity=GetWebInfo&target=popup

https://redected.com/<keep the random path generated and given by your server after login>/!STANDARD?pyActivity=GetWebInfo&target=popup
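As an added example that is not part of the original post, the following Python check scans web-server access logs for requests that reach admin-only Pega activities such as GetWebInfo, so a gap like the one above shows up in monitoring as a served (2xx) request from an ordinary session. The log lines, path hashes, client IPs and the placeholder activity name "ExampleUserActivity" are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs
from typing import Dict, List, Optional

# Activities that should only ever be reachable by administrators. GetWebInfo
# is the one named in the disclosure; extend the set as needed.
ADMIN_ONLY_ACTIVITIES = {"GetWebInfo"}

# Combined-log-format prefix: client IP, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) \S+" (?P<status>\d{3})'
)
# Constructed sample log; path hashes, IPs and ExampleUserActivity are placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Apr/2021:10:01:02 +0000] "GET /prweb/PRWebLDAP1/EXAMPLEHASH/!STANDARD?pyActivity=GetWebInfo&target=popup HTTP/1.1" 200 5120
203.0.113.7 - - [12/Apr/2021:10:01:05 +0000] "GET /prweb/PRWebLDAP1/EXAMPLEHASH/!STANDARD?pyActivity=ExampleUserActivity HTTP/1.1" 200 812
198.51.100.9 - - [12/Apr/2021:10:02:11 +0000] "GET /prweb/PRWebLDAP1/OTHERHASH/!STANDARD?pyActivity=GetWebInfo HTTP/1.1" 403 210
"""

def pega_activity(url: str) -> Optional[str]:
    """Return the pyActivity value of a Pega request URL, or None."""
    values = parse_qs(urlsplit(url).query).get("pyActivity")
    return values[0] if values else None

def find_admin_activity_hits(log_text: str) -> List[Dict]:
    """One record per request that targeted an admin-only activity.

    A 2xx status means the server served the page; from a non-admin
    session that is the gap described above. A 403 is the expected
    outcome once the activity is restricted to admin roles.
    """
    hits = []
    for line in log_text.splitlines():
        m = LOG_LINE.match(line)
        if not m:
            continue
        activity = pega_activity(m["url"])
        if activity in ADMIN_ONLY_ACTIVITIES:
            hits.append({
                "ip": m["ip"],
                "activity": activity,
                "status": int(m["status"]),
                "served": m["status"].startswith("2"),
            })
    return hits

if __name__ == "__main__":
    for hit in find_admin_activity_hits(SAMPLE_LOG):
        print(hit)
```

Correlating the flagged requests with the session's role (from the application's own audit log) is what turns a hit into a confirmed access-control finding.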

Thanks for taking the time to read through the article. Feel free to comment if you want more info.

Jayaram Yalla.
