Vulnerabilities > Pega
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-28 | CVE-2021-27654 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pega Infinity Forgotten password reset functionality for local accounts can be used to bypass local authentication checks. | 7.8 |
| 2021-04-29 | CVE-2021-27651 | Improper Authentication vulnerability in Pega Infinity In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. | 9.8 |
| 2021-04-12 | CVE-2020-15390 | Improper Privilege Management vulnerability in Pega Platform 8.4.0.237 pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo. | 9.8 |
| 2021-04-01 | CVE-2021-27653 | Unspecified vulnerability in Pega Infinity Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. | 4.9 |
| 2020-12-15 | CVE-2020-23957 | Cross-site Scripting vulnerability in Pega Platform Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI. | 6.1 |
| 2020-11-09 | CVE-2020-24353 | Cross-site Scripting vulnerability in Pega Platform Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header. | 6.1 |
| 2020-08-13 | CVE-2019-16374 | Unspecified vulnerability in Pega Platform Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. | 9.8 |
| 2020-04-29 | CVE-2020-8775 | Cross-site Scripting vulnerability in Pega Platform Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. | 8.9 |
| 2020-04-29 | CVE-2020-8774 | Cross-site Scripting vulnerability in Pega Platform Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. | 8.8 |
| 2020-04-29 | CVE-2020-8773 | Cross-site Scripting vulnerability in Pega Platform The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. | 8.9 |