Filtered by vendor Pega
Subscribe
Total
39 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-10094 | 1 Pega | 1 Infinity | 2025-03-10 | N/A | 9.8 CRITICAL |
| Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code | |||||
| CVE-2023-50168 | 1 Pega | 1 Pega Platform | 2025-03-10 | N/A | 7.7 HIGH |
| Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation. | |||||
| CVE-2024-10716 | 1 Pega | 1 Infinity | 2025-03-10 | N/A | 4.8 MEDIUM |
| Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. | |||||
| CVE-2023-50167 | 1 Pega | 1 Pega Platform | 2025-02-18 | N/A | 6.1 MEDIUM |
| Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content. | |||||
| CVE-2024-6700 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
| Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. | |||||
| CVE-2024-6701 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
| Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. | |||||
| CVE-2024-6702 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
| Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. | |||||
| CVE-2019-16386 | 1 Pega | 1 Pega Platform | 2024-08-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect | |||||
| CVE-2019-16387 | 1 Pega | 1 Pega Platform | 2024-08-05 | 5.5 MEDIUM | 8.1 HIGH |
| PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actions and retrieve data that only an administrator should have access to.) NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect | |||||
| CVE-2019-16388 | 1 Pega | 1 Pega Platform | 2024-08-05 | 4.0 MEDIUM | 4.3 MEDIUM |
| PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect | |||||
| CVE-2023-50166 | 1 Pega | 1 Platform | 2024-02-06 | N/A | 6.1 MEDIUM |
| Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | |||||
| CVE-2023-50165 | 1 Pega | 1 Platform | 2024-02-06 | N/A | 8.6 HIGH |
| Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents. | |||||
| CVE-2023-32088 | 1 Pega | 1 Platform | 2023-10-25 | N/A | 6.1 MEDIUM |
| Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation | |||||
| CVE-2023-32087 | 1 Pega | 1 Platform | 2023-10-25 | N/A | 6.1 MEDIUM |
| Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation | |||||
| CVE-2023-32089 | 1 Pega | 1 Platform | 2023-10-25 | N/A | 6.1 MEDIUM |
| Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description | |||||
| CVE-2023-32090 | 1 Pega | 1 Pega Platform | 2023-08-10 | N/A | 9.8 CRITICAL |
| Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials | |||||
| CVE-2023-28094 | 1 Pega | 1 Pega Platform | 2023-08-05 | N/A | 9.8 CRITICAL |
| Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. | |||||
| CVE-2023-26465 | 1 Pega | 1 Pega Platform | 2023-06-16 | N/A | 6.1 MEDIUM |
| Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. | |||||
| CVE-2023-28093 | 1 Pega | 1 Synchronization Engine | 2023-04-21 | N/A | 6.5 MEDIUM |
| A user with a compromised configuration can start an unsigned binary as a service. | |||||
| CVE-2023-26467 | 1 Pega | 1 Synchronization Engine | 2023-04-21 | N/A | 5.4 MEDIUM |
| A man in the middle can redirect traffic to a malicious server in a compromised configuration. | |||||