Vulnerabilities > Pega > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-31 | CVE-2023-50165 | Server-Side Request Forgery (SSRF) vulnerability in Pega Platform. Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by a Generated PDF issue that could expose file contents. | 8.6 |
2023-04-10 | CVE-2023-26466 | Unspecified vulnerability in Pega Synchronization Engine. A user with non-Admin access can change a configuration file on the client to modify the Server URL. | 7.8 |
2022-01-28 | CVE-2021-27654 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Pega Infinity. Forgotten password reset functionality for local accounts can be used to bypass local authentication checks. | 7.8 |
2020-04-29 | CVE-2020-8775 | Cross-site Scripting vulnerability in Pega Platform. Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. | 8.9 |
2020-04-29 | CVE-2020-8774 | Cross-site Scripting vulnerability in Pega Platform. Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function. | 8.8 |
2020-04-29 | CVE-2020-8773 | Cross-site Scripting vulnerability in Pega Platform. The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. | 8.9 |
2019-11-26 | CVE-2019-16387 | Exposure of Resource to Wrong Sphere vulnerability in Pega Platform 8.3. PEGA Platform 8.3.0 is vulnerable to a direct `prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases` request while using a low-privilege account. | 8.1 |