Vulmon
pega pega platform vulnerabilities and exploits
6.1
CVSSv3
CVE-2020-24353
Pega Platform prior to 8.4.0 has an XSS issue via stream rule parameters used in the request header.
Pega Pega Platform
4.8
CVSSv3
CVE-2023-4843
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user.
Pega Pega Platform
9.8
CVSSv3
CVE-2023-32090
Pega Platform clients who are using versions 6.1 up to and including 7.3.1 may be utilizing default credentials.
Pega Pega Platform
6.1
CVSSv3
CVE-2017-11355
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and previous versions allow remote malicious users to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) p...
Pega Pega Platform
1 EDB exploit
4.3
CVSSv3
CVE-2019-16388
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account. NOTE: The vendor states that this vulnerability exists using an administrator acco...
Pega Pega Platform 8.3
8.1
CVSSv3
CVE-2019-16387
PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. (This can perform actions and retrieve data that only an administrator should have access to.) NOTE: Th...
Pega Pega Platform 8.3
9.8
CVSSv3
CVE-2020-15390
pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo.
Pega Pega Platform 8.4.0.237
6.1
CVSSv3
CVE-2023-32088
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation.
Pega Platform
6.1
CVSSv3
CVE-2023-32089
Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description.
Pega Platform
8.9
CVSSv3
CVE-2020-8775
Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.
Pega Platform