PT-2021-17582 · Pegasystems · Pega Infinity
Samuel Curry · Published 2021-04-29 · Updated 2024-10-09 · CVE-2021-27651
CVSS v3.1: 9.8 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Pega Infinity versions 8.2.1 through 8.5.2
Description
In Pega Infinity versions 8.2.1 through 8.5.2, the password reset functionality for local accounts (accounts whose credentials are stored and verified by Pega itself) can be used to bypass local authentication checks. Per the CVSS vector, the flaw is reachable over the network by an unauthenticated attacker with no user interaction, and its impact on confidentiality, integrity and availability is rated high.
Recommendations
For Pega Infinity versions 8.2.1 through 8.5.2, disable the password reset functionality for local accounts until a fixed release has been applied. Where reset cannot be disabled, restrict network access to the password reset module to trusted sources and review reset activity on local accounts for unexpected requests.
At the time of publication, no fixed release had been identified on this page; consult the vendor's security advisory for patched versions before upgrading.
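The affected range above is the one concrete thing a defender can act on immediately. The following is an added example (not code from the original advisory or from Pegasystems) that parses a Pega Infinity version string, checks it against the 8.2.1 through 8.5.2 range stated in the advisory, and returns the recommended action. The range bounds come from the advisory; the function and field names, and the handling of versions outside the range, are this example's own assumptions.

```python
"""Version triage for CVE-2021-27651 (Pega Infinity password reset bypass).

Added example, not part of the original advisory. Only the affected range
(8.2.1 through 8.5.2) is taken from the advisory; function names, the
returned fields and the treatment of out-of-range versions are assumptions.
"""
from __future__ import annotations

import re

# Inclusive bounds of the affected range, from the advisory.
AFFECTED_MIN = (8, 2, 1)
AFFECTED_MAX = (8, 5, 2)

# Accepts "8.5.2", "v8.5.2", "8.5" and "8.5.2.1"; a fourth component is
# ignored because the advisory only lists three-part versions.
_VERSION_RE = re.compile(r"^\s*v?(\d+)(?:\.(\d+))?(?:\.(\d+))?")


def parse_version(text: str) -> tuple[int, int, int]:
    """Parse a version string into a (major, minor, patch) tuple.

    Missing minor/patch components are treated as 0, so "8.5" is read as
    8.5.0. Raises ValueError for strings that do not start with a number.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) if part is not None else 0 for part in match.groups())  # type: ignore[return-value]


def is_affected(text: str) -> bool:
    """True if the version lies inside the advisory's affected range."""
    return AFFECTED_MIN <= parse_version(text) <= AFFECTED_MAX


def triage(text: str) -> dict[str, str]:
    """Return a status and the advisory's recommended action for a version.

    Versions outside the range are reported as "not_listed" rather than
    "safe": the advisory names only 8.2.1 through 8.5.2, and says nothing
    about older branches or about which later releases carry a fix, so the
    caller should confirm against the vendor's advisory.
    """
    version = parse_version(text)
    if AFFECTED_MIN <= version <= AFFECTED_MAX:
        return {
            "version": ".".join(map(str, version)),
            "status": "affected",
            "action": (
                "disable password reset for local accounts, or restrict "
                "network access to the password reset module, until a "
                "fixed release is applied"
            ),
        }
    return {
        "version": ".".join(map(str, version)),
        "status": "not_listed",
        "action": "not in the advisory's affected range; verify against the vendor advisory",
    }


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for sample in ("8.2.0", "8.2.1", "v8.4", "8.5.2", "8.5.3"):
        result = triage(sample)
        print(f"{sample:>7}: {result['status']:<11} {result['action']}")
```

Feed it the version string reported by the instance (for example from an inventory export) rather than trusting a vendor-supplied range check you have not read; the boundaries are inclusive on both ends, and a four-part build number collapses to its first three components, so a hotfix build on an affected patch line is still flagged.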
Exploit
Weakness Enumeration
Improper Authentication (CWE-287)
Related Identifiers
CVE-2021-27651
Affected Products
Pega Infinity