Lucene search
K
PegaInfinity

10 matches found

CVE
CVE
added 2021/04/29 2:47 p.m.122 views

CVE-2021-27651

CVE-2021-27651 affects Pega Infinity versions 8.2.1 through 8.5.2. The password-reset flow for local accounts can bypass local authentication checks, enabling an attacker to gain unauthorized access to a Pega Infinity installation. Public sources describe a path to login with an administrator acc...

9.8CVSS9.4AI score0.53841EPSS
Web
CVE
CVE
added 2021/04/01 6:38 p.m.90 views

CVE-2021-27653

CVE-2021-27653 concerns a misconfiguration in the Pega Chat Access Group Portal on Pegasystem’s Pega Platform (versions 7.4.0–8.5.x) that can cause unintended data exposure. A connected ThreatPost report ties the CVE to a scenario where the portal defaults to admin credentials, enabling access ac...

6.6CVSS5AI score0.01086EPSS
CVE
CVE
added 2022/07/19 12:0 a.m.75 views

CVE-2022-24082

CVE-2022-24082 affects on‑premises Pega Platform installations when the JMX interface port is exposed to the Internet and port filtering is misconfigured, enabling upload of serialized payloads to compromise the underlying system. On-PegaCloud deployments are not affected. Public exploit activity...

9.8CVSS9.4AI score0.09477EPSS
CVE
CVE
added 2022/07/25 4:7 p.m.73 views

CVE-2022-24083

CVE-2022-24083 affects Pegasystems/Pega software (Pega Infinity). The vulnerability is a password authentication bypass for local accounts, allowing bypass of local authentication checks. The CVSS metrics reported (NVD/PEGA) indicate CRITICAL impact (C/H, I/H, A/H) with NETWORK attack vector and ...

9.8CVSS9.2AI score0.00783EPSS
CVE
CVE
added 2024/12/05 3:28 p.m.62 views

CVE-2024-10716

CVE-2024-10716 affects Pega Platform versions 8.1 to Infinity 24.2.0 with a cross-site scripting (XSS) flaw in the search feature. The public records describe the issue without explicit exploit details; the NVD notes a MEDIUM base score with user interaction required and a network attack vector. ...

5.9CVSS5.5AI score0.00212EPSS
CVE
CVE
added 2024/09/12 2:24 p.m.59 views

CVE-2024-6700

Pega Platform (versions 8.1 to Infinity 24.1.2) is affected by a Cross-Site Scripting (XSS) vulnerability in the App name. The available documents identify the issue as XSS but do not specify the underlying code path or root cause details. The PT-2024-37807 entry consistently lists the affected r...

5.5CVSS6.2AI score0.00244EPSS
CVE
CVE
added 2024/11/20 2:45 p.m.54 views

CVE-2024-10094

CVE-2024-10094 affects Pega Platform versions 6.x through Infinity 24.1.1 due to an issue with Improper Control of Generation of Code. Connected sources consistently identify this as the affected product and root cause. Public details mention a large range of versions but do not provide a confirm...

9.8CVSS9.3AI score0.00463EPSS
CVE
CVE
added 2022/01/28 7:9 p.m.49 views

CVE-2021-27654

CVE-2021-27654 affects Pegasystems Pega. The vulnerability arises from a forgotten password reset functionality for local accounts that can bypass local authentication checks. Public data shows CVSS details: CVSS v3.1 base score 7.8 (HIGH) with LOCAL access, LOW attack complexity, privileges requ...

8.8CVSS7.8AI score0.00603EPSS
CVE
CVE
added 2024/09/12 2:25 p.m.49 views

CVE-2024-6701

CVE-2024-6701 affects Pega Platform versions 8.1 through Infinity 24.1.2 with an XSS issue in the case type. Attack vector is network, with high privileges required and user interaction R equired, and it may impact confidentiality and integrity (as per NVD metrics). The description does not provi...

5.5CVSS6.2AI score0.00244EPSS
CVE
CVE
added 2024/09/12 2:25 p.m.45 views

CVE-2024-6702

CVE-2024-6702 affects Pega Platform versions 8.1 to 24.1.2, describing an HTML Injection issue in Stage. The connected PT- security entry confirms the vulnerability involves HTML Injection in Stage and notes there is no available information about a fix in a newer version. Other sources (NVD/Red ...

5.2CVSS7.3AI score0.00244EPSS