CVE-2022-24082

Опубликовано: 19 июл. 2022

Источник: nvd

CVSS3: 9.8

EPSS Средний

Описание

If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.

Ссылки

http://packetstormsecurity.com/files/169480/Pega-Platform-8.7.3-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://support.pega.com/support-doc/pega-security-advisory-b22-vulnerability-%E2%80%93-hotfix-matrix-0
Vendor Advisory
http://packetstormsecurity.com/files/169480/Pega-Platform-8.7.3-Remote-Code-Execution.html
Exploit
Third Party Advisory
VDB Entry
https://support.pega.com/support-doc/pega-security-advisory-b22-vulnerability-%E2%80%93-hotfix-matrix-0
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pega:infinity:*:*:*:*:*:*:*:*

Версия от 8.1.0 (включая) до 8.7.3 (исключая)

EPSS

Процентиль: 97%

0.31462

Средний

9.8 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-502

Связанные уязвимости

GHSA-3crj-j3hg-7v57

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 97%

0.31462

Средний

9.8 Critical

CVSS3

9.8 Critical

CVSS3

Дефекты

CWE-502