Lucene search

PegaCVELIST:CVE-2023-50165

HistoryJan 31, 2024 - 5:21 p.m.

CVE-2023-50165

2024-01-3117:21:04

CWE-918

Pega

www.cve.org

pega platform

cve-2023-50165

pdf issue

file contents

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.4%

JSON

Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Pega Platform",
    "vendor": "Pegasystems",
    "versions": [
      {
        "lessThanOrEqual": "23.1.0",
        "status": "affected",
        "version": "8.2.1",
        "versionType": "custom"
      }
    ]
  }
]

References

support.pega.com/support-doc/pega-security-advisory-g23-vulnerability-remediation-note

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

8.7 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.4%

JSON

Related for CVELIST:CVE-2023-50165