Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Pega Infinity Direct Request (Forced Browsing) Vulnerability - CVE-2019-16386 - Vulnerability Database
Pega Infinity

Pega Infinity Direct Request (Forced Browsing) Vulnerability - CVE-2019-16386

Medium
Reference: CVE-2019-16386
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-16386
Title: Pega Infinity Direct Request (Forced Browsing) Vulnerability
Overview:

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/STANDARDpyActivityGetWebInfoamptargetpopupamppzHarnessIDrandom_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore the claim that the CVE was done with a low privilege account is incorrect