Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
pega platform vulnerabilities and exploits
(subscribe to this query)
9.8
CVSSv3
CVE-2023-32090
Pega platform clients who are using versions 6.1 up to and including 7.3.1 may be utilizing default credentials
Pega Pega Platform
9.8
CVSSv3
CVE-2023-28094
Pega platform clients who are using versions 7.4 up to and including 8.8.x and have upgraded from a version before 8.x may be utilizing default credentials.
Pega Pega Platform
9.8
CVSSv3
CVE-2022-24082
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect ...
Pega Infinity
9.8
CVSSv3
CVE-2020-15390
pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo.
Pega Pega Platform 8.4.0.237
9.8
CVSSv3
CVE-2019-16374
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.
Pega Platform
8.9
CVSSv3
CVE-2020-8775
Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.
Pega Platform
8.9
CVSSv3
CVE-2020-8773
The Richtext Editor in Pega Platform prior to 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability.
Pega Platform
8.8
CVSSv3
CVE-2020-8774
Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function.
Pega Pega Platform
8.6
CVSSv3
CVE-2023-50165
Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents.
Pega Platform
8.1
CVSSv3
CVE-2019-16387
PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actions and retrieve data that only an administrator should have access to.) NOTE: Th...
Pega Pega Platform 8.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
NEXT »