Pega Platform
By the Year
In 2026 there have been 0 vulnerabilities in Pega Platform. Pega Platform did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 2 | 7.35 |
| 2023 | 5 | 7.58 |
| 2022 | 1 | 6.10 |
| 2021 | 0 | 0.00 |
| 2020 | 3 | 9.80 |
It may take a day or so for new Pega Platform vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Pega Platform Security Vulnerabilities
Pega Platform XSS via redirect param (8.5.4-8.8.3)
CVE-2023-50166
6.1 - Medium
- January 31, 2024
Pega Platform from 8.5.4 to 8.8.3 is affected by an XSS issue with an unauthenticated user and the redirect parameter.
XSS
Pega Platform PDF Injection Disclosure 8.2.1-23.1.0
CVE-2023-50165
8.6 - High
- January 31, 2024
Pega Platform versions 8.2.1 to Infinity 23.1.0 are affected by a Generated PDF issue that could expose file contents.
SSRF
Pega Platform 8.1-8.8.2 XSS via Pin description
CVE-2023-32089
6.1 - Medium
- October 18, 2023
Pega Platform versions 8.1 to 8.8.2 are affected by an XSS issue with Pin description.
XSS
Pega Platform XSS: Ad-Hoc Case Creation <23.1 (fixed in 23.1)
CVE-2023-32088
6.1 - Medium
- October 18, 2023
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with ad-hoc case creation.
XSS
XSS in Pega Platform 8.1+ (task creation)
CVE-2023-32087
6.1 - Medium
- October 18, 2023
Pega Platform versions 8.1 to Infinity 23.1.0 are affected by an XSS issue with task creation.
XSS
Pega Platform <7.3.1 Default Credentials Vulnerability
CVE-2023-32090
9.8 - Critical
- August 07, 2023
Pega Platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials.
authentication
Pega Platform v7.4-8.8.x default creds after pre-8.x upgrade
CVE-2023-28094
9.8 - Critical
- June 22, 2023
Pega Platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials.
Pega Platform 7.3-8.7.3 Datapage XSS Vulnerability
CVE-2022-35655
6.1 - Medium
- August 22, 2022
Pega Platform from 7.3 to 8.7.3 is affected by an XSS issue due to a misconfiguration of a datapage setting.
XSS
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length
CVE-2019-16374
9.8 - Critical
- August 13, 2020
Pega Platform 8.2.1 allows LDAP injection because a username can contain a * character and can be of unlimited length. An attacker can specify four characters of a username, followed by the * character, to bypass access control.
Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.
CVE-2020-8775
- April 29, 2020
Pega Platform before version 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the comment tags.
The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability.
CVE-2020-8773
- April 29, 2020
The Richtext Editor in Pega Platform before 8.2.6 is affected by a Stored Cross-Site Scripting (XSS) vulnerability.