Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pega_platform
(Pega)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 16 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2021-04-12 | CVE-2020-15390 | pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo. | Pega_platform | 9.8 | ||
2020-12-15 | CVE-2020-23957 | Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI. | Pega_platform | 6.1 | ||
2020-11-09 | CVE-2020-24353 | Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header. | Pega_platform | 6.1 | ||
2018-02-27 | CVE-2017-17478 | An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, after establishing context. Designer Studio is the developer workbench for Pega Platform. That XSS payload will execute when other developers visit the affected pages. | Pega_platform | 4.8 | ||
2017-08-02 | CVE-2017-11356 | The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control. | Pega_platform | 6.5 | ||
2017-08-02 | CVE-2017-11355 | Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page; or the (3) pyTableName to the System database schema modification page. | Pega_platform | 6.1 |