Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium

CMS

Pega Infinity

Pega Infinity is a unified platform by Pegasystems that combines customer engagement and digital process automation (DPA) capabilities. It leverages AI to anticipate customer needs automate processes and deliver personalized experiences across various channels. Pega Infinity also includes a low-code application development environment (Pega Platform) for building and deploying applications

Official Site:

https://www.pega.com/infinity

Severity Summary:

Critical: 7 High: 10 Medium: 25
Reference
Title
Severity
CVE-2022-24083
Pega Infinity Other Vulnerability
Critical
CVE-2023-32090
Pega Infinity Improper Authentication Vulnerability
Critical
CVE-2022-24082
Pega Infinity Deserialization of Untrusted Data Vulnerability
Critical
CVE-2023-28094
Pega Infinity Other Vulnerability
Critical
CVE-2020-15390
Pega Infinity Improper Privilege Management Vulnerability
Critical
CVE-2024-10094
Pega Infinity Improper Control of Generation of Code (Code Injection) Vulnerability
Critical
CVE-2021-27651
Pega Infinity Improper Authentication Vulnerability
Critical
CVE-2019-16387
Pega Infinity Exposure of Resource to Wrong Sphere Vulnerability
High
CVE-2025-2160
Pega Infinity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
High
CVE-2020-8775
Pega Infinity Improper Neutralization of Input During Web Page Generation (Stored Cross-site Scripting) Vulnerability
High
CVE-2020-8775
Pega Infinity Improper Neutralization of Input During Web Page Generation (Stored Cross-site Scripting) Vulnerability
High
CVE-2020-8774
Pega Infinity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
High
CVE-2025-2161
Pega Infinity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
High
CVE-2023-50166
Pega Infinity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
High
CVE-2023-50166
Pega Platform Vulnerability PDF Server-Side Request Forgery Vulnerability
High
CVE-2021-27654
Pega Infinity Weak Password Recovery Mechanism for Forgotten Password Vulnerability
High
CVE-2023-50168
Pega Infinity Improper Restriction of XML External Entity Reference Vulnerability
High
CVE-2017-11355
Pega Infinity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-32089
Pega Infinity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2023-32088
Pega Infinity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-8681
Pega Infinity Improper Neutralization of Input During Web Page Generation (Stored Cross-site Scripting) Vulnerability
Medium
CVE-2023-32087
Pega Infinity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2025-9559
Pega Infinity Authorization Bypass Through User-Controlled Key Vulnerability
Medium
CVE-2019-16374
Pega Platform LDAP Injection Vulnerability
Medium
CVE-2024-12211
Pega Infinity Improper Neutralization of Input During Web Page Generation (Stored Cross-site Scripting) Vulnerability
Medium
CVE-2021-27653
Pega Infinity Vulnerability
Medium
CVE-2017-11356
Pega Infinity Exposure of Sensitive Information to an Unauthorized Actor Vulnerability
Medium
CVE-2017-17478
Pega Infinity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2019-16386
Pega Infinity Direct Request (Forced Browsing) Vulnerability
Medium
CVE-2024-6701
Pega Infinity Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium