Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Fri, 13 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Pega
Pega infinity
Weaknesses CWE-79
CPEs cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*
Vendors & Products Pega
Pega infinity

Thu, 12 Sep 2024 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 12 Sep 2024 14:45:00 +0000

Type Values Removed Values Added
Description Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
Weaknesses CWE-74
References
Metrics cvssV3_1

{'score': 5.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:L/A:N'}


cve-icon MITRE

Status: PUBLISHED

Assigner: Pega

Published:

Updated: 2024-09-12T15:04:50.576Z

Reserved: 2024-07-11T18:55:54.085Z

Link: CVE-2024-6702

cve-icon Vulnrichment

Updated: 2024-09-12T15:04:46.038Z

cve-icon NVD

Status : Analyzed

Published: 2024-09-12T15:18:27.133

Modified: 2024-09-13T16:07:22.420

Link: CVE-2024-6702

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.