CVE-2022-35656
https://notcve.org/view.php?id=CVE-2022-35656
A vulnerability in Pega Platform from 8.3 to 8.7.3 may allow authenticated security administrators to alter CSRF settings directly. • https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2022-35655
https://notcve.org/view.php?id=CVE-2022-35655
Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting. • https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2022-35654
https://notcve.org/view.php?id=CVE-2022-35654
Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter. • https://support.pega.com/support-doc/pega-security-advisory-d22-e22-f22-vulnerabilities-%E2%80%93-hotfix-matrix • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-15390
https://notcve.org/view.php?id=CVE-2020-15390
pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo. • https://jayaramyalla.medium.com/sensitive-information-disclosure-due-to-improper-access-control-cve-2020-15390-124573c15824 • CWE-269: Improper Privilege Management
CVE-2020-23957
https://notcve.org/view.php?id=CVE-2020-23957
Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI. • https://jayaramyalla.medium.com/cross-site-scripting-in-pega-cve-2020-23957-16d1c417da5f • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')