Pega Sales Automation for Financial Services modified rules for BAC prevention (8.3 and prior)
Broken Access Control (BAC) refers to the class of access control flaws in web applications that let end users gain unauthorized access to privileged data and functionality. The Open Web Application Security Project (OWASP) lists BAC among its top 10 security vulnerabilities. BAC typically occurs when users can bypass access control checks, for example through uniform resource locator (URL)-based requests that do not verify the caller's privileges.
In the 8.3 release, Pega Sales Automation for Financial Services has modified the rules that call secured activities in the Pega Platform. The query strings and parameters in these calls are registered so that they cannot be tampered with by end users.
For more information about the enhancements to prevent Broken Access Control (BAC), and to see a list of rules that were modified for all Pega Sales Automation applications, see Pega Sales Automation modified rules for BAC prevention.
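To make the principle in the paragraph above concrete, the following added example (not Pega's code, and not how the Pega Platform implements registered activity calls) shows one common way to stop URL-based calls from being tampered with: the server registers each allowed activity call, binds its name and parameter values to an HMAC computed under a server-side key and the caller's session, and at dispatch time re-verifies the signature and the caller's privilege before running anything. The activity names, parameters, privilege names and session identifiers are constructed for illustration; `ACTIVITIES`, `register_call` and `handle_request` are hypothetical helpers.

```python
import hashlib
import hmac
import secrets
from urllib.parse import parse_qsl, urlencode

# Constructed per-deployment secret. In a real system this lives in server-side
# configuration and never appears in any URL or page.
SERVER_KEY = secrets.token_bytes(32)

# Constructed registry of activities that may be reached through a URL, the
# parameters each accepts, and the privilege a caller must hold. The activity
# names echo the rule list on this page for readability only; the structure is
# hypothetical and is not Pega's.
ACTIVITIES = {
    "DownloadAttachedFile": {"params": ("attachmentId",), "privilege": "ReadAttachment"},
    "OpenDefaults": {"params": (), "privilege": "CreateOpportunity"},
}


def _canonical(session_id, activity, params):
    """Deterministic serialization of everything the signature must cover."""
    fields = [("session", session_id), ("activity", activity)] + sorted(params.items())
    return urlencode(fields).encode()


def register_call(session_id, activity, params):
    """Server side: build a query string whose activity name and parameter
    values are bound to an HMAC over the caller's session."""
    spec = ACTIVITIES[activity]  # KeyError for activities that are not registered
    if set(params) != set(spec["params"]):
        raise ValueError(f"{activity} does not accept parameters {sorted(params)}")
    sig = hmac.new(SERVER_KEY, _canonical(session_id, activity, params), hashlib.sha256).hexdigest()
    return urlencode([("activity", activity)] + sorted(params.items()) + [("sig", sig)])


def handle_request(session_id, query, user_privileges):
    """Dispatch a URL-based activity call only if the signature matches the
    query exactly and the caller holds the required privilege.

    session_id is taken from the server-side session, not from the URL, so a
    link registered for one user cannot be replayed by another. Returns
    (activity, params) on success and raises PermissionError otherwise.
    """
    fields = dict(parse_qsl(query, keep_blank_values=True))
    sig = fields.pop("sig", "")
    activity = fields.pop("activity", "")
    if activity not in ACTIVITIES:
        raise PermissionError("activity is not registered for URL access")
    expected = hmac.new(SERVER_KEY, _canonical(session_id, activity, fields), hashlib.sha256).hexdigest()
    # Constant-time comparison; any changed, added or removed parameter breaks the match.
    if not hmac.compare_digest(sig, expected):
        raise PermissionError("query string or parameters were tampered with")
    # The signature proves the server issued this call; the privilege check is
    # still enforced at dispatch time so a stale link cannot outlive a role change.
    if ACTIVITIES[activity]["privilege"] not in user_privileges:
        raise PermissionError("caller lacks the required privilege")
    return activity, fields


def is_rejected(session_id, query, user_privileges):
    """True if handle_request refuses the call, for quick checks of tampered input."""
    try:
        handle_request(session_id, query, user_privileges)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    link = register_call("sess-1", "DownloadAttachedFile", {"attachmentId": "A-17"})
    print("issued:", link)
    print("valid call:", handle_request("sess-1", link, {"ReadAttachment"}))
    print("changed id rejected:", is_rejected("sess-1", link.replace("A-17", "A-18"), {"ReadAttachment"}))
    print("other session rejected:", is_rejected("sess-2", link, {"ReadAttachment"}))
    print("missing privilege rejected:", is_rejected("sess-1", link, set()))
```

The two checks are deliberately independent: the signature defends against edited query strings and parameters, while the privilege lookup defends against a legitimately issued link being used after the user's access was reduced. Dropping either one reintroduces the BAC pattern the page describes.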
The following table lists the modified rules for Pega Sales Automation for Financial Services 8.5. If you have overridden any of these rules in your Pega Sales Automation for Financial Services implementation layer, update them with the changed rules.
# | Rule type | Rule name | Class name | Available | Ruleset version |
---|---|---|---|---|---|
1 | RULE-HTML-SECTION | CRMSUBMITANDCANCEL | PEGSAFS-WORK-OPPORTUNITY | Yes | PEGASAFS:08-05-01 |
The following table lists the modified rules for Pega Sales Automation for Financial Services 8.3. If you have overridden any of these rules in your Pega Sales Automation for Financial Services implementation layer, update them with the changed rules.
# | Rule type | Rule name | Class name | Available | Ruleset version |
---|---|---|---|---|---|
1 | Rule-HTML-Property | SafsStageProcessButton | | Yes | 08-03-01 |
2 | Rule-Obj-Activity | GetListOfFieldValues | @baseclass | No (Withdrawn) | 08-03-01 |
3 | Rule-Obj-Activity | pyCalendarEventDetails | @baseclass | Yes | 08-03-01 |
4 | Rule-Obj-Activity | DownloadAttachedFile | Data-WorkAttach-File | Yes | 08-03-01 |
5 | Rule-Obj-Activity | pyCalendarEventDetails | PegaSAFS-Work-Appointment | No (Withdrawn) | 08-03-01 |
6 | Rule-Obj-Activity | OpenDefaults | PegaSAFS-Work-Opportunity | Yes | 08-03-01 |