Pegasystems · Pega Infinity · CVE-2021-27651
**Name of the Vulnerable Software and Affected Versions**
Pega Infinity versions 8.2.1 through 8.5.2
**Description**
The vulnerability is in the password reset functionality for local accounts and can be exploited to bypass local authentication checks.
**Recommendations**
For Pega Infinity versions 8.2.1 through 8.5.2, consider disabling the password reset functionality for local accounts until a patch is available. Restrict access to the password reset module to minimize the risk of exploitation.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.