CVE-2019-16386
- EPSS 0.24%
- Published 26.11.2019 18:15:15
- Last modified 21.11.2024 04:30:36
PEGA Platform 7.x and 8.x is vulnerable to information disclosure via a direct prweb/sso/random_token/!STANDARD?pyActivity=GetWebInfo&target=popup&pzHarnessID=random_harness_id request to get database schema information while using a low-privilege ac...
CVE-2017-17478
- EPSS 0.26%
- Published 27.02.2018 15:29:00
- Last modified 21.11.2024 03:18:00
An XSS issue was discovered in Designer Studio in Pegasystems Pega Platform 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2, 7.2.1, and 7.2.2. A user with developer credentials can insert malicious code (up to 64 characters) into a text field in Designer Studio, af...
CVE-2017-11355
- EPSS 2.83%
- Published 02.08.2017 19:29:00
- Last modified 20.04.2025 01:37:25
Multiple cross-site scripting (XSS) vulnerabilities in PEGA Platform 7.2 ML0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) PATH_INFO to the main page; the (2) beanReference parameter to the JavaBean viewer page...
CVE-2017-11356
- EPSS 3.03%
- Published 02.08.2017 19:29:00
- Last modified 20.04.2025 01:37:25
The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control.