Vulnerabilities > Pega > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-31 | CVE-2023-50165 | Server-Side Request Forgery (SSRF) vulnerability in Pega Platform Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by an Generated PDF issue that could expose file contents. | 8.6 |
| 2021-04-29 | CVE-2021-27651 | Improper Authentication vulnerability in Pega Infinity In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. | 7.5 |
| 2021-04-12 | CVE-2020-15390 | Improper Privilege Management vulnerability in Pega Platform 8.4.0.237 pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo. | 7.5 |
| 2020-08-13 | CVE-2019-16374 | Unspecified vulnerability in Pega Platform 8.1.7/8.1.8/8.2.1 Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. | 7.5 |
| 2019-11-26 | CVE-2019-16387 | Exposure of Resource to Wrong Sphere vulnerability in Pega Platform 8.3 PEGA Platform 8.3.0 is vulnerable to a direct prweb/sso/random_token/!STANDARD?pyActivity=Data-Admin-DB-Name.DBSchema_ListDatabases request while using a low-privilege account. | 8.1 |