Lucene search

PegaCVE-2023-32089

HistoryOct 18, 2023 - 12:15 p.m.

CVE-2023-32089

2023-10-1812:15:09

CWE-79

Pega

web.nvd.nist.gov

nvd

cve-2023-32089

pega platform

xss

pin description

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

20.2%

JSON

Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description

Affected configurations

Nvd

Node

pegaplatformRange8.1.0–8.8.2

VendorProductVersionCPE
pegaplatform*cpe:2.3:a:pega:platform:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pega	platform	*	cpe:2.3:a:pega:platform::::::::

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Pega Platform",
    "vendor": "Pegasystems",
    "versions": [
      {
        "lessThan": "8.8.3",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      }
    ]
  }
]

References

support.pega.com/support-doc/pega-security-advisory-e23-vulnerability-remediation-note

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

20.2%

JSON

Related for CVE-2023-32089