Every CVE whose affected-product data names Pega Infinity, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (10)
CVE-2022-24082 — CVSS 9.8 (critical): If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port…
CVE-2021-27651 — CVSS 9.8 (critical): In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local…
CVE-2022-24083 — CVSS 9.8 (critical): Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks.
CVE-2024-10094 — CVSS 9.1 (critical): Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code
CVE-2021-27654 — CVSS 7.8 (high): Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.
CVE-2021-27653 — CVSS 6.6 (medium): Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.