Lucene search

PegaCVELIST:CVE-2024-6701

HistorySep 12, 2024 - 2:25 p.m.

CVE-2024-6701

2024-09-1214:25:28

CWE-79

Pega

www.cve.org

pega platform

xss issue

case type

versions 8.1 to infinity 24.1.2

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

EPSS

Percentile

14.7%

JSON

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Pega Infinity",
    "vendor": "Pegasystems",
    "versions": [
      {
        "lessThan": "24.1.3",
        "status": "affected",
        "version": "8.1",
        "versionType": "custom"
      }
    ]
  }
]

References

support.pega.com/support-doc/pega-security-advisory-c24-vulnerability-remediation-note

CVSS3

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:N

EPSS

Percentile

14.7%

JSON

Related for CVELIST:CVE-2024-6701