Vulnerabilities in Pegasystems

41 results
CVE-2021-27651 | CRITICAL | In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentica | EPSS 53.8%
CVE-2022-24082 | CRITICAL | If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filter | EPSS 9.1%
CVE-2023-28093 | HIGH | A user with a compromised configuration can start an unsigned binary as a service. | EPSS 1.4%
CVE-2022-24083 | CRITICAL | Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks. | EPSS 0.8%
CVE-2021-27654 | HIGH | Forgotten password reset functionality for local accounts can be used to bypass local authentication checks. | EPSS 0.6%
CVE-2023-26467 | HIGH | A man in the middle can redirect traffic to a malicious server in a compromised configuration. | EPSS 0.6%
CVE-2023-28094 | HIGH | Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default creden | EPSS 0.5%
CVE-2023-32090 | CRITICAL | Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials | EPSS 0.5%
CVE-2024-10094 | CRITICAL | Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code | EPSS 0.5%
CVE-2023-26465 | HIGH | Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. | EPSS 0.4%
CVE-2022-35654 | MEDIUM | Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | EPSS 0.4%
CVE-2025-62181 | MEDIUM | Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration where during user authentication process, a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. | EPSS 0.4%
CVE-2022-35655 | MEDIUM | Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. | EPSS 0.4%
CVE-2023-50168 | HIGH | Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation. | EPSS 0.4%
CVE-2025-9559 | MEDIUM | Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to read data | EPSS 0.4%
CVE-2023-50165 | HIGH | Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by a Generated PDF issue that could expose file contents. | EPSS 0.3%
CVE-2023-50166 | MEDIUM | Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. | EPSS 0.3%
CVE-2026-1078 | HIGH | An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robotic Automation version 22.1 or R25 users who are running automations that work with Google Chrome or Microsoft Edge. | EPSS 0.3%
CVE-2026-0898 | CRITICAL | An arbitrary file-write vulnerability in Pega Browser Extension (PBE) affects Pega Robot Studio developers who are automating Google Chrome and Microsoft Edge using either version 22.1 or R25. | EPSS 0.3%
CVE-2024-12211 | MEDIUM | Pega Platform versions 8.1 to Infinity 24.2.0 are affected by a Stored XSS issue with profile. | EPSS 0.3%