PT-2022-9840 · Pegasystems+1 · Pega Infinity+1

Published

2022-01-28

Updated

2022-02-03

CVE-2021-27654

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions No specific software or versions mentioned.

Description The issue concerns the forgotten password reset functionality for local accounts, which can be exploited to bypass local authentication checks.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-640

Related Identifiers

CVE-2021-27654

Affected Products

Pega Infinity

Infinity

PT-2022-9840 · Pegasystems+1 · Pega Infinity+1

CVE-2021-27654

Weakness Enumeration

Related Identifiers

Affected Products

References · 3