Lucene search

Infinity Security Vulnerabilities - February

cve

CVE-2021-27651

In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.

9.8CVSS

9.4AI Score

0.068EPSS

2021-04-29 03:15 PM

cve

CVE-2021-27653

Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.

6.6CVSS

5AI Score

0.001EPSS

2021-04-01 07:15 PM

cve

CVE-2021-27654

Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.

7.8CVSS

7.8AI Score

0.0004EPSS

2022-01-28 08:15 PM

cve

CVE-2022-24082

If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on ...

9.8CVSS

9.4AI Score

0.016EPSS

2022-07-19 03:15 PM

cve

CVE-2022-24083

Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks.

9.8CVSS

9.2AI Score

0.002EPSS

2022-07-25 05:15 PM

cve

CVE-2024-6700

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.

5.5CVSS

6.2AI Score

0.0004EPSS

2024-09-12 03:18 PM

cve

CVE-2024-6701

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.

5.5CVSS

6.2AI Score

0.0004EPSS

2024-09-12 03:18 PM

cve

CVE-2024-6702

Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.

5.2CVSS

7.3AI Score

0.0004EPSS

2024-09-12 03:18 PM