What is the Pega CNA?
Pega is a CVE Numbering Authority (CNA) — an organization authorized to assign CVE IDs to vulnerabilities in its scope. It has published 34 CVE records since 2021.
How many CVEs has Pega published?
Pega has published 34 CVE records, including 14 in the last two years.
What is Pega's CVE data quality grade?
RadicalNotion.AI grades Pega's CVE data quality as A, with an overall completeness score of 100%. This reflects how consistently its CVE records include vendor (100%), product (100%), CVSS (100%), and CWE (100%) information.
What products does Pega publish CVEs for?
Pega most frequently publishes CVEs for Pega Infinity, Pega Platform, infinity, platform, synchronization engine.
Which vendors does Pega cover?
Pega publishes CVEs across 2 distinct vendors, most often Pegasystems, pega, Pega Systems.
Is Pega actively publishing CVEs?
Pega is currently active, based on 14 CVEs in the last two years.
What is the average severity of Pega's CVEs?
The average CVSS base score across Pega's scored CVEs is 6.9.
How many critical CVEs has Pega published?
Pega has published 6 critical-severity CVEs and 11 high-severity CVEs.
Are any of Pega's CVEs in CISA's Known Exploited Vulnerabilities catalog?
No. None of Pega's CVEs are currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
What are the most common weakness types in Pega's CVEs?
Pega's CVEs most often map to these CWE weakness types: CWE-79 (Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')), CWE-284 (Improper Access Control), CWE-285 (Improper Authorization), CWE-1393 (Use of Default Password).
How does Pega rank among CNAs?
By total CVE volume, Pega ranks #207 of 370 CNAs, and it reports more complete CVE records than 60% of all CNAs.
