📦 Pega Platform

Pega Platform versions 6.1 through 7.3.1 contain default operator credentials that could allow attackers to gain unauthorized access. This affects all clients using these versions with default configu...

CVE-2020-15390 is an improper access control vulnerability in Pega Platform's pyActivity component that allows unauthenticated attackers to access sensitive system information via the =GetWebInfo para...

Pega Platform versions 8.4.3 through Infinity 24.2.1 contain a cross-site scripting (XSS) vulnerability in the Mashup component. This allows attackers to inject malicious scripts into web pages viewed...

Pega Platform versions 6.x through 8.8.4 contain an XML External Entity (XXE) vulnerability in PDF generation functionality. This allows attackers to read arbitrary files from the server filesystem or...

Pega Platform versions 7.1.0 through Infinity 24.2.2 contain a stored cross-site scripting (XSS) vulnerability in a user interface component. This allows authenticated high-privilege users with develo...

Pega Platform versions 8.1 through Infinity 24.2.0 contain a stored cross-site scripting (XSS) vulnerability in profile functionality. This allows attackers to inject malicious scripts that execute wh...