Total
3 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-16374 | 1 Pega | 1 Platform | 2020-08-19 | 7.5 HIGH | 9.8 CRITICAL |
| Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control. | |||||
| CVE-2020-8773 | 1 Pega | 1 Platform | 2020-04-30 | 6.0 MEDIUM | 8.9 HIGH |
| The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability. | |||||
| CVE-2020-8775 | 1 Pega | 1 Platform | 2020-04-30 | 6.0 MEDIUM | 8.9 HIGH |
| Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags. | |||||