Skip to main content

Question

 Machiel van Ampting (Viper0131)
Trivento

Trivento
NL
Viper0131 Member since 2016 2 posts
Trivento
Posted: 2 weeks 1 day ago
Last activity: 1 week 6 days ago
Posted: 2 Jan 2026 5:24 EST
Last activity: 4 Jan 2026 23:20 EST

Our trivy scans show a medium cve in pega images (CVE-2025-8885)

Is pega using Bouncy Castle (bc) libraries? 
in a running image I find bc-fips-2.0.0.jar  bctls-fips-2.0.19.jar  bcutil-fips-2.0.3.jar inside /opt/pega/bcfips

Pega version, latest '24.2.3

Can you help providing an explanation about how pega is infected by this issue and how to resolve this?
 

To see attachments, please log in.
Pega Platform 24.1.3
Pega Platform 24.2.3
Pega Platform
Client-managed Cloud
Government
Team Lead

  • Reply

We'd prefer it if you saw us at our best.

Pega Collaboration Center has detected you are using a browser which may prevent you from experiencing the site as intended. To improve your experience, please update your browser.

Close Deprecation Notice