CVE-2022-24082 Vulnerability Details

CVE-2022-24082 Metadata Quick Info

CVE Published: 19/07/2022 | CVE Updated: 03/08/2024 | CVE Year: 2022
Source: Pega | Vendor: Pegasystems | Product: Pega Infinity
Status: PUBLISHED

CVE-2022-24082 Description

If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-502
CWE Name: CWE-502: Deserialization of Untrusted Data
Source: Pegasystems

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).