Infinity

infinity

Vendor: Pega • 10 CVEs

CVEs (10)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-10716 1Pega 1Infinity Mar 10, 2025 Dec 5, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.
CVE-2024-10094 1Pega 1Infinity Mar 10, 2025 Nov 20, 2024 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code
CVE-2024-6702 1Pega 1Infinity Sep 13, 2024 Sep 12, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
CVE-2024-6701 1Pega 1Infinity Sep 13, 2024 Sep 12, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.
CVE-2024-6700 1Pega 1Infinity Sep 13, 2024 Sep 12, 2024 N/A· v4 4.8 MEDIUM· v3 N/A· v2 Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.
CVE-2022-24083 1Pega 1Infinity Nov 21, 2024 Jul 25, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks.
CVE-2022-24082 1Pega 1Infinity Nov 21, 2024 Jul 19, 2022 N/A· v4 9.8 CRITICAL· v3 N/A· v2 If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized pay...Show more If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.Show less
CVE-2021-27654 1Pega 1Infinity Nov 21, 2024 Jan 28, 2022 N/A· v4 7.8 HIGH· v3 4.6 MEDIUM· v2 Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.
CVE-2021-27651 1Pega 1Infinity Nov 21, 2024 Apr 29, 2021 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
CVE-2021-27653 1Pega 1Infinity Nov 21, 2024 Apr 1, 2021 N/A· v4 4.9 MEDIUM· v3 4.0 MEDIUM· v2 Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.