CVE-2023-28094
In short
Pega platform clients running versions 7.4 to 8.8.x that upgraded from versions before 8.x may still be using default credentials, allowing unauthorized access to the system.
Technical detail
Clients who upgraded to Pega 8.x from earlier versions may retain default credentials in their configuration, enabling authentication bypass. This affects versions 7.4 through 8.8.x, and only installations that followed this upgrade path are vulnerable; exploitation allows attackers to gain unauthorized administrative or user access.
Summary generated and translated by AI from the official description.
Pega platform clients who are using versions 7.4 through 8.8.x and have upgraded from a version prior to 8.x may be utilizing default credentials.
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Pegasystems · Pega Platform