CVE-2023-32090
In short
Pega platform versions 6.1 to 7.3.1 may come with default credentials that attackers can use to gain unauthorized access. This is critical because anyone on the internet could potentially log in without permission.
Technical detail
Default credentials in Pega platform versions 6.1–7.3.1 enable unauthenticated or low-privilege remote attackers to gain administrative access without valid credentials. The vulnerability requires no user interaction and affects systems exposed to the network, resulting in complete system compromise.
Summary generated and translated by AI from the official description.
Pega platform clients who are using versions 6.1 through 7.3.1 may be utilizing default credentials
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Pegasystems · Pega Platform