Pega ≫ Pega Platform

Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object Reference issue in a user interface component that can only be used to read data.

Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component.  Requires a high privileged user with a developer role.

Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup

Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup

Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an Stored XSS issue with profile.

Pega Platform from 6.x to 8.8.4 is affected by an XXE issue with PDF Generation.

Pega Platform from 7.1.7 to 23.1.1 is affected by an XSS issue with editing/rendering user html content.

Pega Platform versions 7.1 to 8.8.3 are affected by an HTML Injection issue with a name field utilized in Visual Business Director, however this field can only be modified by an authenticated administrative user.

Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials

Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials.