Filtered by vendor Pega
Subscribe
Total
36 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2024-6700 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. | |||||
CVE-2024-6701 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. | |||||
CVE-2024-6702 | 1 Pega | 1 Infinity | 2024-09-13 | N/A | 4.8 MEDIUM |
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. | |||||
CVE-2019-16388 | 1 Pega | 1 Pega Platform | 2024-08-05 | 4.0 MEDIUM | 4.3 MEDIUM |
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect | |||||
CVE-2019-16387 | 1 Pega | 1 Pega Platform | 2024-08-05 | 5.5 MEDIUM | 8.1 HIGH |
PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actions and retrieve data that only an administrator should have access to.) NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect | |||||
CVE-2019-16386 | 1 Pega | 1 Pega Platform | 2024-08-05 | 4.0 MEDIUM | 4.3 MEDIUM |
PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendor states that this vulnerability was discovered using an administrator account and they are normal administrator functions. Therefore, the claim that the CVE was done with a low privilege account is incorrect | |||||
CVE-2023-50165 | 1 Pega | 1 Platform | 2024-02-28 | N/A | 8.6 HIGH |
Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents. | |||||
CVE-2023-50166 | 1 Pega | 1 Platform | 2024-02-28 | N/A | 6.1 MEDIUM |
Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | |||||
CVE-2023-32090 | 1 Pega | 1 Pega Platform | 2024-02-28 | N/A | 9.8 CRITICAL |
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials | |||||
CVE-2023-32089 | 1 Pega | 1 Platform | 2024-02-28 | N/A | 6.1 MEDIUM |
Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description | |||||
CVE-2023-32087 | 1 Pega | 1 Platform | 2024-02-28 | N/A | 6.1 MEDIUM |
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation | |||||
CVE-2023-4843 | 1 Pega | 1 Pega Platform | 2024-02-28 | N/A | 4.8 MEDIUM |
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user. | |||||
CVE-2023-32088 | 1 Pega | 1 Platform | 2024-02-28 | N/A | 6.1 MEDIUM |
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation | |||||
CVE-2023-26466 | 1 Pega | 1 Synchronization Engine | 2024-02-28 | N/A | 7.8 HIGH |
A user with non-Admin access can change a configuration file on the client to modify the Server URL. | |||||
CVE-2023-26467 | 1 Pega | 1 Synchronization Engine | 2024-02-28 | N/A | 5.4 MEDIUM |
A man in the middle can redirect traffic to a malicious server in a compromised configuration. | |||||
CVE-2023-28093 | 1 Pega | 1 Synchronization Engine | 2024-02-28 | N/A | 6.5 MEDIUM |
A user with a compromised configuration can start an unsigned binary as a service. | |||||
CVE-2023-26465 | 1 Pega | 1 Pega Platform | 2024-02-28 | N/A | 6.1 MEDIUM |
Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. | |||||
CVE-2023-28094 | 1 Pega | 1 Pega Platform | 2024-02-28 | N/A | 9.8 CRITICAL |
Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. | |||||
CVE-2022-35656 | 1 Pega | 1 Pega Platform | 2024-02-28 | N/A | 4.5 MEDIUM |
Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. | |||||
CVE-2022-24083 | 1 Pega | 1 Infinity | 2024-02-28 | N/A | 9.8 CRITICAL |
Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks. |