CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-4843
https://notcve.org/view.php?id=CVE-2023-4843
Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user. Las versiones 7.1 a 8.8.3 de Pega Platform se ven afectadas por un problema de Inyección HTML con un campo de nombre utilizado en Visual Business Director, sin embargo, este campo solo puede ser modificado por un usuario administrativo autenticado. • https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-d23-vulnerability-remediation-note? • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-32090
https://notcve.org/view.php?id=CVE-2023-32090
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials • https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operators • CWE-287: Improper Authentication CWE-1393: Use of Default Password •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28094
https://notcve.org/view.php?id=CVE-2023-28094
Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials. • https://support.pega.com/support-doc/pega-security-advisory-%E2%80%93-c23-vulnerability-default-operators? • CWE-1393: Use of Default Password •
CVSS: 8.0EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26465
https://notcve.org/view.php?id=CVE-2023-26465
Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue. Las versiones 7.2 a 8.8.1 de Pega Platform están afectadas por un problema de Cross-Site Scripting (XSS). • https://support.pega.com/support-doc/pega-security-advisory-a23-vulnerability-remediation-note • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35656
https://notcve.org/view.php?id=CVE-2022-35656
Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. La vulnerabilidad de Pega Platform versiones desde 8.3 a 8.7.3, puede permitir a administradores de seguridad autenticados alterar la configuración de tipo CSRF directamente. • https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix • CWE-352: Cross-Site Request Forgery (CSRF) •