Vulnerabilities > Pega

DATE CVE VULNERABILITY TITLE RISK
2020-11-09 CVE-2020-24353 Cross-site Scripting vulnerability in Pega Platform
Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header.
network
pega CWE-79
4.3
2020-08-13 CVE-2019-16374 Unspecified vulnerability in Pega Platform 8.1.7/8.1.8/8.2.1
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length.
network
low complexity
pega
7.5
2020-04-29 CVE-2020-8775 Cross-site Scripting vulnerability in Pega Platform
Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.
network
pega CWE-79
6.0
2020-04-29 CVE-2020-8774 Cross-site Scripting vulnerability in Pega Platform
Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function.
network
pega CWE-79
6.8
2020-04-29 CVE-2020-8773 Cross-site Scripting vulnerability in Pega Platform
The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability.
network
pega CWE-79
6.0
2019-11-26 CVE-2019-16388 Forced Browsing vulnerability in Pega Platform 8.3
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account.
network
low complexity
pega CWE-425
4.3
2019-11-26 CVE-2019-16387 Exposure of Resource to Wrong Sphere vulnerability in Pega Platform 8.3
PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account.
network
low complexity
pega CWE-668
8.1
2019-11-26 CVE-2019-16386 Forced Browsing vulnerability in Pega Platform
PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account.
network
low complexity
pega CWE-425
4.3
2018-02-27 CVE-2017-17478 Cross-site Scripting vulnerability in Pega Platform
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2.
network
pega CWE-79
3.5
2017-08-02 CVE-2017-11356 Information Exposure vulnerability in Pega Platform
The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.
network
low complexity
pega CWE-200
4.0