Lucene search

PegaCVE-2023-32087

HistoryOct 18, 2023 - 12:15 p.m.

CVE-2023-32087

2023-10-1812:15:09

CWE-79

Pega

web.nvd.nist.gov

cve-2023-32087

pega platform

xss

task creation

security vulnerability

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

20.2%

JSON

Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation

Affected configurations

Nvd

Node

pegaplatformRange8.1.0–8.7.5

pegaplatformRange8.8.0–8.8.3

VendorProductVersionCPE
pegaplatform*cpe:2.3:a:pega:platform:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pega	platform	*	cpe:2.3:a:pega:platform::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Pega Platform",
    "vendor": "Pegasystems",
    "versions": [
      {
        "lessThan": "23.1.1",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      }
    ]
  }
]

References

support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

20.2%

JSON

Related for CVE-2023-32087