VYPR

Pega Platform

by Pega

CVEs (44)

  • CVE-2020-8774Apr 29, 2020
    risk 0.00cvss epss 0.01

    Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function.

  • CVE-2019-16388Nov 26, 2019
    risk 0.00cvss epss 0.01

    PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an…

  • CVE-2019-16387Nov 26, 2019
    risk 0.00cvss epss 0.01

    PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actions and retrieve data that only an administrator should have access to.) NOTE:…

  • CVE-2019-16386Nov 26, 2019
    risk 0.00cvss epss 0.01

    PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor…

Page 3 of 3