10 matches found
CVE-2021-27651
CVE-2021-27651 affects Pega Infinity versions 8.2.1 through 8.5.2. The password-reset flow for local accounts can bypass local authentication checks, enabling an attacker to gain unauthorized access to a Pega Infinity installation. Public sources describe a path to login with an administrator acc...
CVE-2021-27653
CVE-2021-27653 concerns a misconfiguration in the Pega Chat Access Group Portal on Pegasystem’s Pega Platform (versions 7.4.0–8.5.x) that can cause unintended data exposure. A connected ThreatPost report ties the CVE to a scenario where the portal defaults to admin credentials, enabling access ac...
CVE-2022-24082
CVE-2022-24082 affects on‑premises Pega Platform installations when the JMX interface port is exposed to the Internet and port filtering is misconfigured, enabling upload of serialized payloads to compromise the underlying system. On-PegaCloud deployments are not affected. Public exploit activity...
CVE-2022-24083
CVE-2022-24083 affects Pegasystems/Pega software (Pega Infinity). The vulnerability is a password authentication bypass for local accounts, allowing bypass of local authentication checks. The CVSS metrics reported (NVD/PEGA) indicate CRITICAL impact (C/H, I/H, A/H) with NETWORK attack vector and ...
CVE-2024-10716
CVE-2024-10716 affects Pega Platform versions 8.1 to Infinity 24.2.0 with a cross-site scripting (XSS) flaw in the search feature. The public records describe the issue without explicit exploit details; the NVD notes a MEDIUM base score with user interaction required and a network attack vector. ...
CVE-2024-6700
Pega Platform (versions 8.1 to Infinity 24.1.2) is affected by a Cross-Site Scripting (XSS) vulnerability in the App name. The available documents identify the issue as XSS but do not specify the underlying code path or root cause details. The PT-2024-37807 entry consistently lists the affected r...
CVE-2024-10094
CVE-2024-10094 affects Pega Platform versions 6.x through Infinity 24.1.1 due to an issue with Improper Control of Generation of Code. Connected sources consistently identify this as the affected product and root cause. Public details mention a large range of versions but do not provide a confirm...
CVE-2021-27654
CVE-2021-27654 affects Pegasystems Pega. The vulnerability arises from a forgotten password reset functionality for local accounts that can bypass local authentication checks. Public data shows CVSS details: CVSS v3.1 base score 7.8 (HIGH) with LOCAL access, LOW attack complexity, privileges requ...
CVE-2024-6701
CVE-2024-6701 affects Pega Platform versions 8.1 through Infinity 24.1.2 with an XSS issue in the case type. Attack vector is network, with high privileges required and user interaction R equired, and it may impact confidentiality and integrity (as per NVD metrics). The description does not provi...
CVE-2024-6702
CVE-2024-6702 affects Pega Platform versions 8.1 to 24.1.2, describing an HTML Injection issue in Stage. The connected PT- security entry confirms the vulnerability involves HTML Injection in Stage and notes there is no available information about a fix in a newer version. Other sources (NVD/Red ...