Pega: >> Pega Platform >> 6.1 Security Vulnerabilities
Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.
CVSS Score
7.7
EPSS Score
0.001
Published
2024-03-14
Pega platform clients who are using versions 6.1 through 7.3.1 may be
utilizing default credentials
CVSS Score
9.8
EPSS Score
0.002
Published
2023-08-07
Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials.
CVSS Score
8.1
EPSS Score
0.002
Published
2023-06-22
Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-11-09
Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function.
CVSS Score
8.8
EPSS Score
0.005
Published
2020-04-29
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page.
CVSS Score
6.1
EPSS Score
0.022
Published
2017-08-02
The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.
CVSS Score
6.5
EPSS Score
0.03
Published
2017-08-02