Capasystems
Products (2)
- 19 CVEs
- 1 CVE
Recent CVEs (20)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-24082 | | 0.07 | — | 0.46 | | Jul 19, 2022 | If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture. |
| CVE-2021-27651 | | 0.07 | — | 0.92 | | Apr 29, 2021 | In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. |
| CVE-2025-9559 | | 0.00 | — | 0.00 | | Oct 16, 2025 | Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to read data. |
| CVE-2025-8681 | | 0.00 | — | 0.00 | | Sep 10, 2025 | Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role. |
| CVE-2025-2161 | | 0.00 | — | 0.00 | | Apr 14, 2025 | Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup |
| CVE-2025-2160 | | 0.00 | — | 0.00 | | Apr 14, 2025 | Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup |
| CVE-2024-12211 | | 0.00 | — | 0.00 | | Jan 13, 2025 | Pega Platform versions 8.1 to Infinity 24.2.0 are affected by a Stored XSS issue with profile. |
| CVE-2024-10716 | | 0.00 | — | 0.00 | | Dec 5, 2024 | Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. |
| CVE-2024-10094 | | 0.00 | — | 0.01 | | Nov 20, 2024 | Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code |
| CVE-2024-6702 | | 0.00 | — | 0.00 | | Sep 12, 2024 | Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. |
| CVE-2024-6701 | | 0.00 | — | 0.00 | | Sep 12, 2024 | Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. |
| CVE-2024-6700 | | 0.00 | — | 0.00 | | Sep 12, 2024 | Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. |
| CVE-2023-26465 | | 0.00 | — | 0.01 | | Jun 9, 2023 | Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. |
| CVE-2022-35656 | | 0.00 | — | 0.00 | | Aug 22, 2022 | Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. |
| CVE-2022-35655 | | 0.00 | — | 0.00 | | Aug 22, 2022 | Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. |
| CVE-2022-35654 | | 0.00 | — | 0.01 | | Aug 22, 2022 | Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. |
| CVE-2022-24083 | | 0.00 | — | 0.00 | | Jul 25, 2022 | Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks. |
| CVE-2021-27654 | | 0.00 | — | 0.00 | | Jan 28, 2022 | Forgotten password reset functionality for local accounts can be used to bypass local authentication checks. |
| CVE-2021-27653 | | 0.00 | — | 0.00 | | Apr 1, 2021 | Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. |
| CVE-2013-5216 | | 0.00 | — | 0.01 | | Sep 12, 2013 | Directory traversal vulnerability in logreader/uploadreader.jsp in CapaSystems Performance Guard before 6.2.102 allows remote attackers to read arbitrary files via unspecified vectors. |