VYPR

Pega Platform

by Pega

CVEs (44)

  • CVE-2017-11356 | Med | Aug 2, 2017
    risk 0.46 | cvss 6.5 | epss 0.04

    The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.

  • CVE-2017-11355 | Med | Aug 2, 2017
    risk 0.43 | cvss 6.1 | epss 0.03

    Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to…

  • CVE-2025-62181 | Med | Dec 10, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration issue. This issue occurs during the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only…

  • CVE-2026-1711 | Med | Apr 15, 2026
    risk 0.31 | cvss 4.8 | epss 0.00

    Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role.

  • CVE-2026-1564 | Med | Apr 15, 2026
    risk 0.31 | cvss 4.8 | epss 0.00

    Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role.

  • CVE-2025-62183 | Med | Feb 17, 2026
    risk 0.31 | cvss | epss 0.00

    Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low.

  • CVE-2025-62184 | Low | Mar 31, 2026
    risk 0.22 | cvss 3.4 | epss 0.00

    Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity is none.

  • CVE-2022-24082 | Jul 19, 2022
    risk 0.07 | cvss | epss 0.09

    If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect…

  • CVE-2025-62180 | Jun 23, 2026
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.

  • CVE-2025-9559 | Oct 16, 2025
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to read data.

  • CVE-2025-8681 | Sep 10, 2025
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role.

  • CVE-2025-2161 | Apr 14, 2025
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup.

  • CVE-2025-2160 | Apr 14, 2025
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup.

  • CVE-2024-12211 | Jan 13, 2025
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 8.1 to Infinity 24.2.0 are affected by a Stored XSS issue with profile.

  • CVE-2024-10716 | Dec 5, 2024
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.

  • CVE-2024-10094 | Nov 20, 2024
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code.

  • CVE-2024-6702 | Sep 12, 2024
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.

  • CVE-2024-6701 | Sep 12, 2024
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.

  • CVE-2024-6700 | Sep 12, 2024
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.

  • CVE-2023-50168 | Mar 14, 2024
    risk 0.00 | cvss | epss 0.00

    Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.

Page 1 of 3