Vulnerability Description
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pega | Infinity | >= 8.1.0, < 8.7.3 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/169480/Pega-Platform-8.7.3-Remote-Code-ExecExploitThird Party AdvisoryVDB Entry
- https://support.pega.com/support-doc/pega-security-advisory-b22-vulnerability-%EVendor Advisory
- http://packetstormsecurity.com/files/169480/Pega-Platform-8.7.3-Remote-Code-ExecExploitThird Party AdvisoryVDB Entry
- https://support.pega.com/support-doc/pega-security-advisory-b22-vulnerability-%EVendor Advisory
FAQ
What is CVE-2022-24082?
CVE-2022-24082 is a vulnerability with a CVSS score of 9.8 (CRITICAL). If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to u...
How severe is CVE-2022-24082?
CVE-2022-24082 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-24082?
Check the references section above for vendor advisories and patch information. Affected products include: Pega Infinity.