First published: Tue Jul 19 2022
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.
Credit: security@pega.com
Affected Software | Affected Version | How to fix
---|---|---
Pega Infinity | >=8.1.0, <8.7.3 | 
CVE-2022-24082 is a vulnerability in the Pega Platform that allows an attacker who can reach the exposed JMX interface to upload serialized payloads and attack the underlying system.
CVE-2022-24082 affects on-premise installations of Pega Infinity only when the JMX interface port is exposed to the Internet and port filtering is not properly configured; PegaCloud deployments are not affected.
The severity of CVE-2022-24082 is critical, with a CVSS score of 9.8.
Pega Infinity versions from 8.1.0 up to, but not including, 8.7.3 are affected by CVE-2022-24082.
To mitigate CVE-2022-24082, ensure that the JMX interface port is not exposed to the Internet, or configure port filtering so that only trusted management hosts can reach it.
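The check below is an added defender-side example, not code from the advisory or from Pega. It assumes that remote JMX on the Pega JVM is enabled through the standard `com.sun.management.jmxremote.*` JVM system properties, and that the operator has a list of TCP ports its perimeter filter allows inbound from the Internet; the port numbers and launch arguments are constructed placeholders, and the function names are hypothetical. It flags a JMX listener that is both weakly configured (authentication or TLS disabled) and reachable through the port filter, which is the exposure condition the advisory describes.

```python
"""Audit JVM launch arguments for a remotely exposed JMX interface.

Added example, not part of the advisory or of Pega's own tooling.
Assumes remote JMX is enabled via the standard JVM system properties
com.sun.management.jmxremote.port / .authenticate / .ssl (real property
names; their defaults for authenticate and ssl are "true").
"""
from __future__ import annotations

JMX_PORT = "com.sun.management.jmxremote.port"
JMX_AUTH = "com.sun.management.jmxremote.authenticate"
JMX_SSL = "com.sun.management.jmxremote.ssl"


def parse_jvm_props(args: list[str]) -> dict[str, str]:
    """Collect -Dkey=value system properties; a bare -Dkey means "true"."""
    props: dict[str, str] = {}
    for arg in args:
        if not arg.startswith("-D"):
            continue
        key, sep, value = arg[2:].partition("=")
        props[key] = value if sep else "true"
    return props


def audit_jmx(args: list[str], internet_allowed_ports: set[int]) -> list[str]:
    """Return findings about the JMX listener; an empty list means no issue.

    internet_allowed_ports models the perimeter filter: TCP ports that are
    reachable inbound from the Internet (constructed input for this example).
    """
    props = parse_jvm_props(args)
    port = props.get(JMX_PORT)
    if port is None:
        return []  # no remote JMX listener is configured at all
    findings: list[str] = []
    if props.get(JMX_AUTH, "true").lower() == "false":
        findings.append(f"JMX port {port}: authentication disabled")
    if props.get(JMX_SSL, "true").lower() == "false":
        findings.append(f"JMX port {port}: TLS disabled")
    if int(port) in internet_allowed_ports:
        findings.append(f"JMX port {port}: allowed inbound from the Internet by port filter")
    return findings


# Constructed sample launch arguments (placeholder port 9999, not a Pega default).
WEAK_ARGS = [
    "-Xmx4g",
    f"-D{JMX_PORT}=9999",
    f"-D{JMX_AUTH}=false",
    f"-D{JMX_SSL}=false",
]
HARDENED_ARGS = [
    "-Xmx4g",
    f"-D{JMX_PORT}=9999",
    f"-D{JMX_AUTH}=true",
    f"-D{JMX_SSL}=true",
]
# Constructed perimeter models: one that leaks the JMX port, one that only allows HTTPS.
OPEN_FILTER = {443, 9999}
STRICT_FILTER = {443}

if __name__ == "__main__":
    for name, args, allowed in (
        ("weak/open", WEAK_ARGS, OPEN_FILTER),
        ("hardened/strict", HARDENED_ARGS, STRICT_FILTER),
    ):
        print(name, audit_jmx(args, allowed) or "OK")
```

Run it against the real `java` command line of the Pega application server (for example, from the process table) and the actual list of ports your firewall permits inbound; any finding means the JMX listener should be closed to the Internet or restricted to management hosts before anything else.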