11 matches found
PEGA Infinity Brute Force / Insecure Direct Object Reference
PEGA Infinity suffers from brute forcing and insecure direct object reference vulnerabilities. Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by the brute force issue. Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by the IDOR issue. SEC Consult Vulnerability Lab...
CVE-2021-27651
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks...
Pega Infinity patches authentication vulnerability
Security researchers came across a Pega Infinity vulnerability through participation in Apple's bug bounty program, after focusing on vendors that supplied technology to Apple. By using Burp Suite, an integrated platform for performing security testing of web applications, the security researchers...
Pega Infinity login bypass vulnerability (CVE-2021-27651)
Summary: An attacker can bypass all stages of the password reset flow and reset any user's account on Pega Infinity. This is done by (1) initiating the password reset flow and typing in the victim email, then (2) forcing the HTTP POST request to update the password through. An attacker could login usi...
CVE-2021-27651
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks...
CVE-2021-27651
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks...
Authentication flaw
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks...
CVE-2021-27651
CVE-2021-27651 affects Pega Infinity versions 8.2.1 through 8.5.2. The password-reset flow for local accounts can bypass local authentication checks, enabling an attacker to gain unauthorized access to a Pega Infinity installation. Public sources describe a path to login with an administrator acc...
CVE-2021-27651
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks...
PEGA Pega Infinity authorization issue vulnerability
PEGA pega infinity is an application from PEGA USA. Provides transition from digital chaos to true digital conversion. An authorization issue vulnerability exists in Pega Infinity versions 8.2.1 through 8.5.2, which stems from the fact that the password reset feature for local accounts can be use...
PT-2021-17582 · Pegasystems · Pega Infinity
Name of the Vulnerable Software and Affected Versions: Pega Infinity versions 8.2.1 through 8.5.2 Description: The issue concerns the password reset functionality for local accounts, which can be exploited to bypass local authentication checks. Recommendations: For Pega Infinity versions 8.2.1...