Lucene search
PegaCVELIST:CVE-2021-27651HistoryApr 29, 2021 - 2:47 p.m.
CVE-2021-27651
2021-04-2914:47:20
CWE-287
Pega
www.cve.org
3
pega infinity
password reset
local accounts
authentication checks
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
AI Score
9.8
Confidence
High
EPSS
0.068
Percentile
94.0%
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
CNA Affected
[
{
"product": "Pega Infinity",
"vendor": "Pegasystems",
"versions": [
{
"lessThan": "unspecified",
"status": "affected",
"version": "8.2.1",
"versionType": "custom"
},
{
"lessThan": "8.5.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
seebug
seebug
Pega Infinityη»ιη»θΏζΌζ΄οΌCVE-2021-27651οΌ
2021-05-17 00:00:00
githubexploit
githubexploit
Exploit for Improper Authentication in Pega Infinity
2021-05-16 19:58:31
Exploit for Improper Authentication in Pega Infinity
2021-10-05 23:33:50
cve
cve
CVE-2021-27651
2021-04-29 15:15:10
malwarebytes
malwarebytes
Pega Infinity patches authentication vulnerability
2021-05-19 14:53:37
nvd
nvd
CVE-2021-27651
2021-04-29 15:15:10
nuclei
nuclei
Pega Infinity - Authentication Bypass
2021-05-16 09:40:08
prion
prion
Authentication flaw
2021-04-29 15:15:00
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:F/RL:O/RC:C
AI Score
9.8
Confidence
High
EPSS
0.068
Percentile
94.0%
Related for CVELIST:CVE-2021-27651