cvebase

Pegasystems Pega Infinity vulnerabilities

25 known vulnerabilities affecting pegasystems/pega_infinity.

Total CVEs: 25
CISA KEV: 0
Public exploits: 2
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 2, MEDIUM 18, LOW 1

Vulnerabilities

Page 1 of 2
CVE-2021-27651 | P1 | CRITICAL | CVSS 9.8 | PoC | Affected: ≥ 8.2.1, < unspecified; ≥ unspecified, < 8.5.2 | 2021-04-29
CWE-287: In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
nvd
CVE-2022-24082 | P2 | CRITICAL | CVSS 9.8 | PoC | Affected: ≥ 8.1.0, < unspecified; ≥ unspecified, < 8.7.3 | 2022-07-19
CWE-502: If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.
nvd
CVE-2024-10094 | P3 | CRITICAL | CVSS 9.8 | Affected: ≥ 6.1, < 24.1.2 | 2024-11-20
CWE-94: Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code
nvd
CVE-2022-24083 | P3 | CRITICAL | CVSS 9.8 | Affected: ≥ 7.3.1, < unspecified; ≥ unspecified, < 8.7.2 | 2022-07-25
CWE-285: Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks.
nvd
CVE-2021-27654 | P3 | HIGH | CVSS 7.8 | Affected: ≥ 8.2.1, < unspecified; ≥ unspecified, < 8.6.1 | 2022-01-28
CWE-640: Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.
nvd
CVE-2025-62180 | P3 | HIGH | CVSS 7.1 | Affected: ≥ 8.3.0, < Infinity 25.1.3 | 2026-06-23
CWE-639: Pega Platform versions 8.3.0 through Infinity 25.1.2 are affected by an authorization weakness that may allow authenticated users to access certain additional data via crafted URLs.
nvd
CVE-2025-9559 | P3 | MEDIUM | CVSS 6.5 | Affected: ≥ 8.7.5, < Infinity 24.2.3 | 2025-10-16
CWE-639: Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to read data.
nvd
CVE-2025-62181 | P4 | MEDIUM | CVSS 5.3 | Affected: ≥ 7.1.0, < Infinity 25.1.1 | 2025-12-10
CWE-204: Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration issue. This issue occurs during the user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only applies to deprecated basic-authentication feature and other more secure auth
nvd
CVE-2025-62182 | P4 | MEDIUM | CVSS 5.3 | Affected: ≥ 8.7.0, < Infinity 25.1.1 | 2026-01-13
CWE-434: Pega Customer Service Framework versions 8.7.0 through 25.1.0 are affected by an Unrestricted file upload vulnerability, where a privileged user could potentially upload a malicious file.
nvd
CVE-2024-12211 | P4 | MEDIUM | CVSS 5.4 | Affected: ≥ 8.1, < 24.2.1 | 2025-01-13
CWE-79: Pega Platform versions 8.1 to Infinity 24.2.0 are affected by a Stored XSS issue with profile.
nvd
CVE-2025-8681 | P4 | MEDIUM | CVSS 5.4 | Affected: ≥ 7.1.0, < Infinity 24.2.3 | 2025-09-10
CWE-79: Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component. Requires a high privileged user with a developer role.
nvd
CVE-2023-26465 | P4 | MEDIUM | CVSS 6.1 | Affected: ≥ 7.2, < unspecified; ≥ unspecified, < 8.8.2 | 2023-06-09
CWE-79: Pega Platform versions 7.2 to 8.8.1 are affected by an XSS issue.
nvd
CVE-2022-35654 | P4 | MEDIUM | CVSS 6.1 | Affected: ≥ 8.5.4, < unspecified; ≥ unspecified, < 8.7.3 | 2022-08-22
CWE-79: Pega Platform from 8.5.4 to 8.7.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.
nvd
CVE-2025-2161 | P4 | MEDIUM | CVSS 6.1 | Affected: ≥ 7.2.1, < 24.2.2 | 2025-04-14
CWE-79: Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup
nvd
CVE-2025-2160 | P4 | MEDIUM | CVSS 6.1 | Affected: ≥ 8.4.3, < 24.2.2 | 2025-04-14
CWE-79: Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup
nvd
CVE-2025-62183 | P4 | MEDIUM | CVSS 4.8 | Affected: ≥ 8.1.0, < Infinity 25.1.1 | 2026-02-17
CWE-79: Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-site Scripting vulnerability in a user interface component. Requires an administrative user and given extensive access rights, impact to Confidentiality and Integrity are low.
nvd
CVE-2022-35655 | P4 | MEDIUM | CVSS 6.1 | Affected: ≥ 7.3, < unspecified; ≥ unspecified, < 8.7.3 | 2022-08-22
CWE-79: Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting.
nvd
CVE-2024-6702 | P4 | MEDIUM | CVSS 4.8 | Affected: ≥ 8.1, < 24.1.3 | 2024-09-12
CWE-74: Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
nvd
CVE-2026-1711 | P4 | MEDIUM | CVSS 4.8 | Affected: ≥ 8.1.0, < Infinity 25.1.2 | 2026-04-15
CWE-79: Pega Platform versions 8.1.0 through 25.1.1 are affected by a Stored Cross-Site Scripting vulnerability in a user interface component. Requires a high privileged user with a developer role.
nvd
CVE-2026-1564 | P4 | MEDIUM | CVSS 4.8 | Affected: ≥ 8.1.0, < Infinity 25.1.2 | 2026-04-15
CWE-80: Pega Platform versions 8.1.0 through 25.1.1 are affected by an HTML Injection vulnerability in a user interface component. Requires a high privileged user with a developer role.
nvd