VYPR

Pega Platform

by Pega

CVEs (44)

  • CVE-2023-50167 | Mar 6, 2024
    risk 0.00 | cvss | epss 0.00

    Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user HTML content.

  • CVE-2023-50166 | Jan 31, 2024
    risk 0.00 | cvss | epss 0.00

    Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.

  • CVE-2023-50165 | Jan 31, 2024
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by a Generated PDF issue that could expose file contents.

  • CVE-2023-32089 | Oct 18, 2023
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description.

  • CVE-2023-32088 | Oct 18, 2023
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation.

  • CVE-2023-32087 | Oct 18, 2023
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation.

  • CVE-2023-4843 | Sep 8, 2023
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director; however, this field can only be modified by an authenticated administrative user.

  • CVE-2023-32090 | Aug 7, 2023
    risk 0.00 | cvss | epss 0.01

    Pega Platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials.

  • CVE-2023-28094 | Jun 22, 2023
    risk 0.00 | cvss | epss 0.01

    Pega Platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials.

  • CVE-2023-26465 | Jun 9, 2023
    risk 0.00 | cvss | epss 0.00

    Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.

  • CVE-2022-35656 | Aug 22, 2022
    risk 0.00 | cvss | epss 0.00

    Pega Platform from 8.3 to 8.7.3 has a vulnerability that may allow authenticated security administrators to alter CSRF settings directly.

  • CVE-2022-35655 | Aug 22, 2022
    risk 0.00 | cvss | epss 0.00

    Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting.

  • CVE-2022-35654 | Aug 22, 2022
    risk 0.00 | cvss | epss 0.00

    Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.

  • CVE-2020-15390 | Apr 12, 2021
    risk 0.00 | cvss | epss 0.01

    pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo.

  • CVE-2021-27653 | Apr 1, 2021
    risk 0.00 | cvss | epss 0.01

    Misconfiguration of the Pega Chat Access Group portal in Pega Platform 7.4.0 - 8.5.x could lead to unintended data exposure.

  • CVE-2020-23957 | Dec 15, 2020
    risk 0.00 | cvss | epss 0.01

    Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI.

  • CVE-2020-24353 | Nov 9, 2020
    risk 0.00 | cvss | epss 0.01

    Pega Platform before 8.4.0 has an XSS issue via stream rule parameters used in the request header.

  • CVE-2019-16374 | Aug 13, 2020
    risk 0.00 | cvss | epss 0.02

    Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.

  • CVE-2020-8775 | Apr 29, 2020
    risk 0.00 | cvss | epss 0.01

    Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.

  • CVE-2020-8773 | Apr 29, 2020
    risk 0.00 | cvss | epss 0.01

    The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability.