Pegasystems Pega Platform
10 CVEs affecting Pegasystems Pega Platform. Latest disclosed: 2024-03-14. Critical: 1, High: 3.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-32090 | Critical | 9.8 | 2023-08-07 | Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials |
CVE-2023-50165 | High | 8.5 | 2024-01-31 | Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents. |
CVE-2023-28094 | High | 8.1 | 2023-06-22 | Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. |
CVE-2023-50168 | High | 7.7 | 2024-03-14 | Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation. |
CVE-2023-50166 | Medium | 6.1 | 2024-01-31 | Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. |
CVE-2023-50167 | Medium | 5.4 | 2024-03-06 | Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content. |
CVE-2023-32089 | Medium | 4.6 | 2023-10-18 | Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description |
CVE-2023-32088 | Medium | 4.6 | 2023-10-18 | Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation |
CVE-2023-32087 | Medium | 4.6 | 2023-10-18 | Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation |
CVE-2023-4843 | Medium | 4.3 | 2023-09-08 | Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only… |