Vulmon
pega pega platform vulnerabilities and exploits
CVE-2019-16386
Score: 4 (CVSSv2)
Product: Pega Pega Platform
PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account. NOTE: The vendo...

CVE-2020-8774
Score: 6.8 (CVSSv2)
Product: Pega Pega Platform
Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function.

CVE-2023-26465
Score: NA
Product: Pega Pega Platform
Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.

CVE-2023-28094
Score: NA
Product: Pega Pega Platform
Pega platform clients who are using versions 7.4 up to and including 8.8.x and have upgraded from a version before 8.x may be utilizing default credentials.

CVE-2019-16387
Score: 5.5 (CVSSv2)
Product: Pega Pega Platform 8.3
PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actions and retrieve data that only an administrator should have access to.) NOTE: Th...

CVE-2019-16388
Score: 4 (CVSSv2)
Product: Pega Pega Platform 8.3
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability exists using an administrator acco...

CVE-2020-15390
Score: 7.5 (CVSSv2)
Product: Pega Pega Platform 8.4.0.237
pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo.

CVE-2023-32087
Score: NA
Product: Pega Platform
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation

CVE-2023-32088
Score: NA
Product: Pega Platform
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation

CVE-2023-32089
Score: NA
Product: Pega Platform
Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description