
Louis Sohier

#21921 of 53,632
10.8 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2025-50493
5.3
2025-12-10
Pega · Pega Platform · CVE-2025-62181
**Name of the Vulnerable Software and Affected Versions**
Pega Platform versions 7.1.0 through Infinity 25.1.0

**Description**
Pega Platform is affected by a User Enumeration issue. A remote unauthenticated user could determine the validity of a username by observing differences in response times during the user authentication process. This issue is related to the deprecated basic-authentication feature, and more secure authentication mechanisms are recommended. The `username` parameter is involved in this process.

**Recommendations**
Versions 7.1.0 through 24.1.3 require updating to version 24.1.4 or later.
Versions 24.1.4 through 24.2.3 require updating to version 24.2.4 or later.
Versions 24.2.4 through 25.1.0 require updating to version 25.1.1 or later.
Consider disabling the basic-authentication feature and adopting more secure authentication mechanisms.

PT-2025-37077
5.5
2025-09-10
Pega · Pega Platform · CVE-2025-8681
Name of the Vulnerable Software and Affected Versions:
Pega Platform versions 7.1.0 through 24.2.2

Description:
Pega Platform is affected by a Stored Cross-Site Scripting (XSS) issue within a user interface component. Exploitation requires a user with high privileges and a developer role.

Recommendations:
Update Pega Platform to a version later than 24.2.2.