Pega Platform@* Security Vulnerabilities and Issues — Pega Platform@* CVE List

Lucene search

PegaPega Platform*

15 matches found

CVE•added 2022/08/22 3:15 p.m.•70 views

CVE-2022-35654

Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.

6.1CVSS6AI score0.00497EPSS

CVE•added 2024/03/14 4:15 p.m.•69 views

CVE-2023-50168

Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.

7.7CVSS6.8AI score0.00104EPSS

CVE•added 2019/11/26 6:15 p.m.•61 views

CVE-2019-16386

PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerab...

4.3CVSS4.5AI score0.0024EPSS

CVE•added 2022/08/22 3:15 p.m.•58 views

CVE-2022-35655

Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting.

6.1CVSS5.9AI score0.00249EPSS

CVE•added 2017/08/02 7:29 p.m.•53 views

CVE-2017-11356

The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.

6.5CVSS5.9AI score0.03027EPSS

CVE•added 2024/03/06 6:15 p.m.•53 views

CVE-2023-50167

Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content.

6.1CVSS5.2AI score0.00082EPSS

CVE•added 2017/08/02 7:29 p.m.•52 views

CVE-2017-11355

Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database s...

6.1CVSS6AI score0.02826EPSS

CVE•added 2020/12/15 9:15 p.m.•46 views

CVE-2020-23957

Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI.

6.1CVSS6AI score0.0024EPSS

CVE•added 2022/08/22 3:15 p.m.•46 views

CVE-2022-35656

Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly.

6.8CVSS4.7AI score0.00102EPSS

CVE•added 2023/06/09 9:15 p.m.•46 views

CVE-2023-26465

Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.

8CVSS7.3AI score0.00487EPSS

CVE•added 2023/06/22 9:15 p.m.•43 views

CVE-2023-28094

Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials.

9.8CVSS9.3AI score0.00216EPSS

CVE•added 2020/04/29 3:15 p.m.•42 views

CVE-2020-8774

Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function.

8.8CVSS7.9AI score0.00528EPSS

CVE•added 2023/08/07 12:15 p.m.•42 views

CVE-2023-32090

Pega platform clients who are using versions 6.1 through 7.3.1 may beutilizing default credentials

9.8CVSS9.3AI score0.00216EPSS

CVE•added 2020/11/09 2:15 p.m.•35 views

CVE-2020-24353

Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header.

6.1CVSS6AI score0.00312EPSS

CVE•added 2023/09/08 5:15 p.m.•33 views

CVE-2023-4843

Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user.

4.8CVSS5.1AI score0.00058EPSS