Filtered by vendor Pegasystems Subscriptions
Filtered by product Pega Infinity Subscriptions

Search

Switch to Advanced Search (Beta)
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2025-62181 1 Pegasystems 1 Pega Infinity 2025-12-12 5.3 Medium
Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by a User Enumeration. This issue occurs during user authentication process, where a difference in response time could allow a remote unauthenticated user to determine if a username is valid or not. This only applies to deprecated basic-authentication feature and other more secure authentication mechanisms are recommended. A fix is being provided in the 24.1.4, 24.2.4, and 25.1.1 patch releases. Please note: Basic credentials authentication service type is deprecated started in 24.2 version: https://docs.pega.com/bundle/platform/page/platform/release-notes/security/whats-new-security-242.html.
CVE-2025-2161 2 Pega, Pegasystems 2 Pega Platform, Pega Infinity 2025-10-30 7.1 High
Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup
CVE-2025-2160 2 Pega, Pegasystems 2 Pega Platform, Pega Infinity 2025-10-30 8.1 High
Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup
CVE-2025-9559 2 Pega, Pegasystems 2 Pega Platform, Pega Infinity 2025-10-30 6.5 Medium
Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by a Insecure Direct Object Reference issue in a user interface component that can only be used to read data.
CVE-2025-8681 2 Pega, Pegasystems 2 Pega Platform, Pega Infinity 2025-10-29 5.5 Medium
Pega Platform versions 7.1.0 to Infinity 24.2.2 are affected by a Stored XSS issue in a user interface component.  Requires a high privileged user with a developer role.
CVE-2024-10094 1 Pegasystems 1 Pega Infinity 2024-11-21 9.1 Critical
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code