Platform Security Vulnerabilities and Issues — Platform CVE List

Lucene search

PegaPlatform

8 matches found

cve•added 2020/08/13 1:15 p.m.•36 views

CVE-2019-16374

Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.

9.8CVSS9.4AI score0.01174EPSS

cve•added 2023/10/18 12:15 p.m.•34 views

CVE-2023-32089

Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description

6.1CVSS5.9AI score0.00111EPSS

cve•added 2020/04/29 4:15 p.m.•33 views

CVE-2020-8775

Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.

8.9CVSS6.9AI score0.00535EPSS

cve•added 2024/01/31 6:15 p.m.•33 views

CVE-2023-50166

Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.

6.1CVSS6AI score0.00152EPSS

cve•added 2023/10/18 12:15 p.m.•31 views

CVE-2023-32088

Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation

6.1CVSS5.9AI score0.00111EPSS

cve•added 2024/01/31 6:15 p.m.•31 views

CVE-2023-50165

Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents.

8.6CVSS8.4AI score0.00091EPSS

cve•added 2020/04/29 3:15 p.m.•29 views

CVE-2020-8773

The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability.

8.9CVSS7.2AI score0.00535EPSS

cve•added 2023/10/18 12:15 p.m.•27 views

CVE-2023-32087

Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation

6.1CVSS5.9AI score0.00111EPSS