Vulnerabilities > Pega

DATE CVE VULNERABILITY TITLE RISK
2019-11-26 CVE-2019-16388 Forced Browsing vulnerability in Pega Platform 8.3
PEGA Platform 8.3.0 is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyStream=MyAlerts request to get Audit Log information while using a low-privilege account.
network
low complexity
pega CWE-425
4.3
2019-11-26 CVE-2019-16387 Exposure of Resource to Wrong Sphere vulnerability in Pega Platform 8.3
PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account.
network
low complexity
pega CWE-668
8.1
2019-11-26 CVE-2019-16386 Forced Browsing vulnerability in Pega Platform
PEGA Platform 7.x and 8.x is vulnerable to Information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege account.
network
low complexity
pega CWE-425
4.3
2018-02-27 CVE-2017-17478 Cross-site Scripting vulnerability in Pega Platform
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2.
network
low complexity
pega CWE-79
4.8
2017-08-02 CVE-2017-11356 Information Exposure vulnerability in Pega Platform
The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.
network
low complexity
pega CWE-200
6.5
2017-08-02 CVE-2017-11355 Cross-site Scripting vulnerability in Pega Platform
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page.
network
low complexity
pega CWE-79
6.1