Skip to main content

We'd prefer it if you saw us at our best.

Pega.com is not optimized for Internet Explorer. For the optimal experience, please use:

Close Deprecation Notice

Security Bulletins

Our clients trust Pega to prevent security events, protect their data, and adhere to the most stringent global compliance standards. To earn that trust, we’re fully committed to transparency, which is why we’re sharing our security bulletins here.

2021 Security Bulletin

Open Accordion Close Accordion

ID

CVE-2021-27651

Score

9.8

Summary

In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.

Open Accordion Close Accordion

ID

CVE-2020-15390

Score

9.8

Summary

pyActivity in Pega Platform 8.4.0.237 has a security misconfiguration that leads to an improper access control vulnerability via =GetWebInfo.

Open Accordion Close Accordion

ID

CVE-2021-27653

Score

6.6

Summary

Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.

2020 Security Bulletin

Open Accordion Close Accordion

ID

CVE-2020-23957

Score

4.3

Summary

Pega Platform through 8.4.x is affected by Cross Site Scripting (XSS) via the ConnectionID parameter, as demonstrated by a pyActivity=Data-TRACERSettings.pzStartTracerSession request to a PRAuth URI.

Open Accordion Close Accordion

ID

CVE-2020-24353

Score

4.3

Summary

Pega Platform before 8.4.0 has a XSS issue via stream rule parameters used in the request header.

Open Accordion Close Accordion

ID

CVE-2019-16374

Score

7.5

Summary

Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.

Open Accordion Close Accordion

ID

CVE-2020-8775

Score

6

Summary

Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.

Open Accordion Close Accordion

ID

CVE-2020-8774

Score

6.8

Summary

Pega Platform before version 8.2.6 is affected by a Reflected Cross-Site Scripting vulnerability in the "ActionStringID" function.

Open Accordion Close Accordion

ID

CVE-2020-8773

Score

6

Summary

The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability.

Compartir esta página Share via LinkedIn Copying...