Lucene search

PegaCVELIST:CVE-2024-6700

HistorySep 12, 2024 - 2:24 p.m.

CVE-2024-6700

2024-09-1214:24:08

CWE-79

Pega

www.cve.org

pega platform

version 8.1

version infinity

cve-2024-6700

xss issue

app name

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

EPSS

Percentile

14.7%

JSON

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Pega Infinity",
    "vendor": "Pegasystems",
    "versions": [
      {
        "lessThan": "24.1.3",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      }
    ]
  }
]

References

support.pega.com/support-doc/pega-security-advisory-c24-vulnerability-remediation-note

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

EPSS

Percentile

14.7%

JSON

Related for CVELIST:CVE-2024-6700