CVE-2022-24082
First published: Tue Jul 19 2022(Updated: )
If an on-premise installation of the Pega Platform is configured with the port for the JMX interface exposed to the Internet and port filtering is not properly configured, then it may be possible to upload serialized payloads to attack the underlying system. This does not affect systems running on PegaCloud due to its design and architecture.
Credit: security@pega.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pega Infinity | >=8.1.0<8.7.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-24082?
CVE-2022-24082 is a vulnerability in the Pega Platform that allows attackers to upload serialized payloads to attack the system.
How does CVE-2022-24082 affect Pega Infinity installations?
CVE-2022-24082 affects on-premise installations of Pega Infinity if the JMX interface port is exposed to the Internet and port filtering is not properly configured.
What is the severity of CVE-2022-24082?
The severity of CVE-2022-24082 is critical with a CVSS score of 9.8.
Which versions of Pega Platform are affected by CVE-2022-24082?
Versions 8.1.0 to 8.7.3 of Pega Platform are affected by CVE-2022-24082.
How can I fix CVE-2022-24082?
To fix CVE-2022-24082, ensure that the JMX interface port is not exposed to the Internet or configure proper port filtering.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/severity
- agent/author
- agent/type
- agent/description
- agent/tags
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/pega
- canonical/pega infinity
- version/pega infinity/8.1.0