Pega Platform
by Pega
CVEs (44)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-50167 | Pega / Pega Platform | | 0.00 | — | 0.00 | | Mar 6, 2024 | Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user HTML content. |
| CVE-2023-50166 | Pega / Pega Platform | | 0.00 | — | 0.00 | | Jan 31, 2024 | Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. |
| CVE-2023-50165 | Pega / Pega Platform | | 0.00 | — | 0.00 | | Jan 31, 2024 | Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by a Generated PDF issue that could expose file contents. |
| CVE-2023-32089 | Pega / Pega Platform | | 0.00 | — | 0.00 | | Oct 18, 2023 | Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description. |
| CVE-2023-32088 | Pega / Pega Platform | | 0.00 | — | 0.00 | | Oct 18, 2023 | Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation. |
| CVE-2023-32087 | Pega / Pega Platform | | 0.00 | — | 0.00 | | Oct 18, 2023 | Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation. |
| CVE-2023-4843 | Pega / Pega Platform | | 0.00 | — | 0.00 | | Sep 8, 2023 | Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director; however, this field can only be modified by an authenticated administrative user. |
| CVE-2023-32090 | Pega / Pega Platform | | 0.00 | — | 0.01 | | Aug 7, 2023 | Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials. |
| CVE-2023-28094 | Pega / Pega Platform | | 0.00 | — | 0.01 | | Jun 22, 2023 | Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. |
| CVE-2023-26465 | Pega / Pega Platform | | 0.00 | — | 0.00 | | Jun 9, 2023 | Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. |
| CVE-2022-35656 | Pega / Pega Platform | | 0.00 | — | 0.00 | | Aug 22, 2022 | A vulnerability in Pega Platform from 8.3 to 8.7.3 may allow authenticated security administrators to alter CSRF settings directly. |
| CVE-2022-35655 | Pega / Pega Platform | | 0.00 | — | 0.00 | | Aug 22, 2022 | Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. |
| CVE-2022-35654 | Pega / Pega Platform | | 0.00 | — | 0.00 | | Aug 22, 2022 | Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. |
| CVE-2020-15390 | Pega / Pega Platform | | 0.00 | — | 0.01 | | Apr 12, 2021 | pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo. |
| CVE-2021-27653 | Pega / Pega Platform | | 0.00 | — | 0.01 | | Apr 1, 2021 | Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. |
| CVE-2020-23957 | Pega / Pega Platform | | 0.00 | — | 0.01 | | Dec 15, 2020 | Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI. |
| CVE-2020-24353 | Pega / Pega Platform | | 0.00 | — | 0.01 | | Nov 9, 2020 | Pega Platform before 8.4.0 has an XSS issue via stream rule parameters used in the request header. |
| CVE-2019-16374 | Pega / Pega Platform | | 0.00 | — | 0.02 | | Aug 13, 2020 | Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control. |
| CVE-2020-8775 | Pega / Pega Platform | | 0.00 | — | 0.01 | | Apr 29, 2020 | Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. |
| CVE-2020-8773 | Pega / Pega Platform | | 0.00 | — | 0.01 | | Apr 29, 2020 | The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. |
Page 2 of 3