Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Pega Infinity Direct Request (Forced Browsing) Vulnerability - CVE-2019-16388 - Vulnerability Database
Pega Infinity

Pega Infinity Direct Request (Forced Browsing) Vulnerability - CVE-2019-16388

Medium
Reference: CVE-2019-16388
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-16388
Title: Pega Infinity Direct Request (Forced Browsing) Vulnerability
Overview:

PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/STANDARDpyStreamMyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore the claim that the CVE was done with a low privilege account is incorrect