CVE-2021-27651
First published: Thu Apr 29 2021(Updated: )
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
Credit: security@pega.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pega Infinity | >=8.2.1<=8.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2021-27651?
CVE-2021-27651 is a vulnerability found in versions 8.2.1 through 8.5.2 of Pega Infinity where the password reset functionality for local accounts can be used to bypass local authentication checks.
What is the severity of CVE-2021-27651?
The severity of CVE-2021-27651 is critical with a CVSS score of 9.8.
How does CVE-2021-27651 affect Pega Infinity?
CVE-2021-27651 affects Pega Infinity versions 8.2.1 through 8.5.2, allowing for bypass of local authentication checks through the password reset functionality for local accounts.
Is there a fix available for CVE-2021-27651?
Yes, a hotfix is available for CVE-2021-27651. Please refer to the Pega Security Advisory A21 Hotfix Matrix for more information.
Where can I find more information about CVE-2021-27651?
You can find more information about CVE-2021-27651 in the Pega Security Advisory A21 Hotfix Matrix.
- collector/nvd-index
- agent/author
- agent/references
- agent/weakness
- agent/tags
- agent/type
- agent/event
- agent/severity
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- vendor/pega
- canonical/pega infinity
- version/pega infinity/8.2.1
- version/pega infinity/8.5.2