Pegasystems Pega Infinity
24 CVEs affecting Pegasystems Pega Infinity. Latest disclosed: 2026-04-15. Critical: 4, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-24083 | Critical | 9.8 | 2022-07-25 | Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks. |
| CVE-2022-24082 | Critical | 9.8 | 2022-07-19 | If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly… |
| CVE-2021-27651 | Critical | 9.8 | 2021-04-29 | In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. |
| CVE-2024-10094 | Critical | 9.1 | 2024-11-20 | Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code |
| CVE-2021-27654 | High | 8.8 | 2022-01-28 | Forgotten password reset functionality for local accounts can be used to bypass local authentication checks. |
| CVE-2025-2160 | High | 8.1 | 2025-04-14 | Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup |
| CVE-2023-26465 | High | 8.0 | 2023-06-09 | Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. |
| CVE-2025-2161 | High | 7.1 | 2025-04-14 | Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup |
| CVE-2022-35656 | Medium | 6.8 | 2022-08-22 | Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. |
| CVE-2025-9559 | Medium | 6.5 | 2025-10-16 | Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to… |
| CVE-2022-35655 | Medium | 6.1 | 2022-08-22 | Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. |
| CVE-2022-35654 | Medium | 6.1 | 2022-08-22 | Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. |
| CVE-2024-10716 | Medium | 5.9 | 2024-12-05 | Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search. |
| CVE-2025-8681 | Medium | 5.5 | 2025-09-10 | Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a devel… |
| CVE-2024-6701 | Medium | 5.5 | 2024-09-12 | Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type. |
| CVE-2024-6700 | Medium | 5.5 | 2024-09-12 | Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name. |
| CVE-2024-12211 | Medium | 5.4 | 2025-01-13 | Pega Platform versions 8.1 to Infinity 24.2.0 are affected by a Stored XSS issue with profile. |
| CVE-2025-62181 | Medium | 5.3 | 2025-12-10 | Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during user authentication process, where a differe… |
| CVE-2024-6702 | Medium | 5.2 | 2024-09-12 | Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage. |
| CVE-2026-1711 | | | 2026-04-15 | Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileg… |