CSRF Vulnerability in Pega Platform by Pegasystems
CVE-2022-35656

6.8MEDIUM

Key Information:

Vendor: Pegasystems
Status: Pega Infinity
Vendor: CVE Published:; 22 August 2022

🔔 Create Pegasystems Vulnerability Alert

What is CVE-2022-35656?

The Pega Platform, spanning versions 8.3 through 8.7.3, presents a security risk where authenticated security administrators may unintentionally alter Cross-Site Request Forgery (CSRF) settings directly. This vulnerability raises concerns about potential unauthorized actions being executed within the application, necessitating immediate attention to security practices and updates.

Affected Version(s)

Pega Infinity 8.3

Pega Infinity < 8.7.3

References

https://support.pega.com/support-doc/pega-security-adviso...

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

CVSS V3.0

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 22, 2022
Vulnerability Reserved
Jul 12, 2022

Credit

Kane Gamble from Blackfoot UK

CVE-2022-35656 Data

JSON