CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-16386

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.0%

CVSS Severity

CVSS v3 Score 4.3

CVSS v2 Score 4.0

References

Products affected by CVE-2019-16386

Pega » Pega Platform » Version: 7.1.0

cpe:2.3:a:pega:pega_platform:7.1.0
Pega » Pega Platform » Version: 7.1.1

cpe:2.3:a:pega:pega_platform:7.1.1
Pega » Pega Platform » Version: 7.1.10

cpe:2.3:a:pega:pega_platform:7.1.10
Pega » Pega Platform » Version: 7.1.2

cpe:2.3:a:pega:pega_platform:7.1.2
Pega » Pega Platform » Version: 7.1.3

cpe:2.3:a:pega:pega_platform:7.1.3
Pega » Pega Platform » Version: 7.1.4

cpe:2.3:a:pega:pega_platform:7.1.4
Pega » Pega Platform » Version: 7.1.5

cpe:2.3:a:pega:pega_platform:7.1.5
Pega » Pega Platform » Version: 7.1.6

cpe:2.3:a:pega:pega_platform:7.1.6
Pega » Pega Platform » Version: 7.1.7

cpe:2.3:a:pega:pega_platform:7.1.7
Pega » Pega Platform » Version: 7.1.8

cpe:2.3:a:pega:pega_platform:7.1.8
Pega » Pega Platform » Version: 7.1.9

cpe:2.3:a:pega:pega_platform:7.1.9
Pega » Pega Platform » Version: 7.2

cpe:2.3:a:pega:pega_platform:7.2
Pega » Pega Platform » Version: 7.2.0

cpe:2.3:a:pega:pega_platform:7.2.0
Pega » Pega Platform » Version: 7.2.1

cpe:2.3:a:pega:pega_platform:7.2.1
Pega » Pega Platform » Version: 7.2.2

cpe:2.3:a:pega:pega_platform:7.2.2
Pega » Pega Platform » Version: 7.2.2.

cpe:2.3:a:pega:pega_platform:7.2.2.
Pega » Pega Platform » Version: 7.3

cpe:2.3:a:pega:pega_platform:7.3
Pega » Pega Platform » Version: 7.3.0

cpe:2.3:a:pega:pega_platform:7.3.0
Pega » Pega Platform » Version: 7.3.1

cpe:2.3:a:pega:pega_platform:7.3.1
Pega » Pega Platform » Version: 7.4

cpe:2.3:a:pega:pega_platform:7.4
Pega » Pega Platform » Version: 7.4.0

cpe:2.3:a:pega:pega_platform:7.4.0
Pega » Pega Platform » Version: 8.1.0

cpe:2.3:a:pega:pega_platform:8.1.0
Pega » Pega Platform » Version: 8.1.1

cpe:2.3:a:pega:pega_platform:8.1.1
Pega » Pega Platform » Version: 8.1.2

cpe:2.3:a:pega:pega_platform:8.1.2
Pega » Pega Platform » Version: 8.1.3

cpe:2.3:a:pega:pega_platform:8.1.3
Pega » Pega Platform » Version: 8.1.4

cpe:2.3:a:pega:pega_platform:8.1.4
Pega » Pega Platform » Version: 8.1.5

cpe:2.3:a:pega:pega_platform:8.1.5
Pega » Pega Platform » Version: 8.1.6

cpe:2.3:a:pega:pega_platform:8.1.6
Pega » Pega Platform » Version: 8.1.7

cpe:2.3:a:pega:pega_platform:8.1.7
Pega » Pega Platform » Version: 8.1.8

cpe:2.3:a:pega:pega_platform:8.1.8
Pega » Pega Platform » Version: 8.2

cpe:2.3:a:pega:pega_platform:8.2
Pega » Pega Platform » Version: 8.2.1

cpe:2.3:a:pega:pega_platform:8.2.1
Pega » Pega Platform » Version: 8.2.2

cpe:2.3:a:pega:pega_platform:8.2.2
Pega » Pega Platform » Version: 8.2.3

cpe:2.3:a:pega:pega_platform:8.2.3
Pega » Pega Platform » Version: 8.2.4

cpe:2.3:a:pega:pega_platform:8.2.4
Pega » Pega Platform » Version: 8.2.5

cpe:2.3:a:pega:pega_platform:8.2.5
Pega » Pega Platform » Version: 8.2.6

cpe:2.3:a:pega:pega_platform:8.2.6
Pega » Pega Platform » Version: 8.2.7

cpe:2.3:a:pega:pega_platform:8.2.7
Pega » Pega Platform » Version: 8.3

cpe:2.3:a:pega:pega_platform:8.3
Pega » Pega Platform » Version: 8.3.0

cpe:2.3:a:pega:pega_platform:8.3.0
Pega » Pega Platform » Version: 8.3.1

cpe:2.3:a:pega:pega_platform:8.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-16386

Products

Pricing

Contact Us