Pega Infinity
By the Year
In 2026 there have been 0 vulnerabilities in Pega Infinity. Infinity did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 5 | 5.80 |
| 2023 | 0 | 0.00 |
| 2022 | 3 | 9.13 |
| 2021 | 2 | 7.35 |
It may take a day or so for new Infinity vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Pega Infinity Security Vulnerabilities
XSS via Search in Pega Platform (v8.1-24.2.0)
CVE-2024-10716
4.8 - Medium
- December 05, 2024
Pega Platform versions 8.1 to Infinity 24.2.0 are affected by an XSS issue with search.
XSS
Pega Platform Improper Code Generation Vulnerability
CVE-2024-10094
9.8 - Critical
- November 20, 2024
Pega Platform versions 6.x to Infinity 24.1.1 are affected by an issue with Improper Control of Generation of Code.
Code Injection
Pega Platform <=24.1.2: Stage HTML Injection (CVE-2024-6702)
CVE-2024-6702
4.8 - Medium
- September 12, 2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
XSS
Pega Platform XSS in Case Type (8.1-24.1.2)
CVE-2024-6701
4.8 - Medium
- September 12, 2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.
XSS
XSS in App Name on Pega Platform 8.1-24.1.2
CVE-2024-6700
4.8 - Medium
- September 12, 2024
Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.
XSS
Windows Local Auth Bypass via Password
CVE-2022-24083
9.8 - Critical
- July 25, 2022
Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks.
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured
CVE-2022-24082
9.8 - Critical
- July 19, 2022
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.
Marshaling, Unmarshaling
Forgotten password reset functionality for local accounts
CVE-2021-27654
7.8 - High
- January 28, 2022
Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.
Weak Password Recovery Mechanism for Forgotten Password
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts
CVE-2021-27651
9.8 - Critical
- April 29, 2021
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
Authentication
Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.
CVE-2021-27653
4.9 - Medium
- April 01, 2021
Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure.