Pegasystems

Pega Platform

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.1

CVE-2025-62180

  • EPSS 0.22%
  • Veröffentlicht 23.06.2026 14:48:36
  • Zuletzt bearbeitet 23.06.2026 19:34:58

Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.

4.8

CVE-2026-1711

  • EPSS 0.19%
  • Veröffentlicht 15.04.2026 21:32:51
  • Zuletzt bearbeitet 23.04.2026 20:01:09

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role.

4.8

CVE-2026-1564

  • EPSS 0.19%
  • Veröffentlicht 15.04.2026 21:31:19
  • Zuletzt bearbeitet 23.04.2026 20:02:20

Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role.

3.4

CVE-2025-62184

  • EPSS 0.26%
  • Veröffentlicht 31.03.2026 17:52:07
  • Zuletzt bearbeitet 03.04.2026 12:49:16

Pega Platform versions 8.1.0 through 25.1.0 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality is low and Integrity ...

4.8

CVE-2025-62183

  • EPSS 0.25%
  • Veröffentlicht 17.02.2026 22:53:22
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low...

5.3

CVE-2025-62181

  • EPSS 0.41%
  • Veröffentlicht 10.12.2025 20:41:08
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username i...

6.5

CVE-2025-9559

  • EPSS 0.37%
  • Veröffentlicht 16.10.2025 15:28:18
  • Zuletzt bearbeitet 30.10.2025 16:15:26

Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object Reference issue in a user interface component that can only be used to read data.

5.4

CVE-2025-8681

  • EPSS 0.18%
  • Veröffentlicht 10.09.2025 16:00:15
  • Zuletzt bearbeitet 29.10.2025 18:14:25

Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component.  Requires a high privileged user with a developer role.

6.1

CVE-2025-2161

  • EPSS 0.22%
  • Veröffentlicht 14.04.2025 14:19:37
  • Zuletzt bearbeitet 30.10.2025 19:11:54

Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup

6.1

CVE-2025-2160

  • EPSS 0.22%
  • Veröffentlicht 14.04.2025 14:16:34
  • Zuletzt bearbeitet 30.10.2025 19:01:19

Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup