CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26466
https://notcve.org/view.php?id=CVE-2023-26466
10 Apr 2023 — A user with non-Admin access can change a configuration file on the client to modify the Server URL. • https://support.pega.com/support-doc/pega-security-advisory-b23-robotics-and-workforce-intelligence-local-privilege • CWE-285: Improper Authorization •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-28093
https://notcve.org/view.php?id=CVE-2023-28093
10 Apr 2023 — A user with a compromised configuration can start an unsigned binary as a service. • https://support.pega.com/support-doc/pega-security-advisory-b23-robotics-and-workforce-intelligence-local-privilege • CWE-295: Improper Certificate Validation •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35656
https://notcve.org/view.php?id=CVE-2022-35656
22 Aug 2022 — Pega Platform from 8.3 to 8.7.3 vulnerability may allow authenticated security administrators to alter CSRF settings directly. La vulnerabilidad de Pega Platform versiones desde 8.3 a 8.7.3, puede permitir a administradores de seguridad autenticados alterar la configuración de tipo CSRF directamente. • https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35655
https://notcve.org/view.php?id=CVE-2022-35655
22 Aug 2022 — Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. Pega Platform versiones desde 7.3 a 8.7.3, está afectada por un problema de tipo XSS debido a una configuración errónea de un ajuste de la página de datos. • https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2022-35654
https://notcve.org/view.php?id=CVE-2022-35654
22 Aug 2022 — Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. Pega Platform versiones desde 8.5.4 a 8.7.3, está afectada por un problema de tipo XSS con un usuario no autenticado y el parámetro de redireccionamiento. • https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2022-24083
https://notcve.org/view.php?id=CVE-2022-24083
25 Jul 2022 — Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks. Una vulnerabilidad de omisión de autenticación de contraseñas para cuentas locales puede ser usada para omitir las comprobaciones de autenticación local • https://support.pega.com/support-doc/pega-security-advisory-c22-vulnerability-%E2%80%93-hotfix-matrix-0 • CWE-285: Improper Authorization •
CVSS: 10.0EPSS: 21%CPEs: 1EXPL: 3CVE-2022-24082 – Pega Platform 8.1.0 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2022-24082
19 Jul 2022 — If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture. Si una instalación local de Pega Platform está configurada con el puerto de la interfaz JMX expuesto a Internet y el filtrado de puertos no está configurado apropiadam... • https://packetstorm.news/files/id/169480 • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-27654
https://notcve.org/view.php?id=CVE-2021-27654
28 Jan 2022 — Forgotten password reset functionality for local accounts can be used to bypass local authentication checks. La funcionalidad Forgotten password reset para cuentas locales puede ser usada para omitir las comprobaciones de autenticación local • https://collaborate.pega.com/discussion/pega-security-advisory-c21 • CWE-640: Weak Password Recovery Mechanism for Forgotten Password •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2021-43561
https://notcve.org/view.php?id=CVE-2021-43561
10 Nov 2021 — An XSS issue was discovered in the google_for_jobs (aka Google for Jobs) extension before 1.5.1 and 2.x before 2.1.1 for TYPO3. The extension fails to properly encode user input for output in HTML context. A TYPO3 backend user account is required to exploit the vulnerability. Se ha detectado un problema de tipo XSS en la extensión google_for_jobs (también se conoce como Google for Jobs) versiones anteriores a 1.5.1 y versiones 2.x anteriores a 2.1.1 para TYPO3. La extensión no codifica correctamente la entr... • https://typo3.org/security/advisory/typo3-ext-sa-2021-015 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 9.8EPSS: 90%CPEs: 1EXPL: 3CVE-2021-27651
https://notcve.org/view.php?id=CVE-2021-27651
29 Apr 2021 — In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. En versiones 8.2.1 hasta 8.5.2 de Pega Infinity, la funcionalidad password reset para cuentas locales puede ser usada para omitir las comprobaciones de autenticación locales • https://github.com/samwcyo/CVE-2021-27651-PoC • CWE-287: Improper Authentication •