CVE-2021-27651

Summary

In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.

Affected Software

VendorProductVersion RangeStatus
PegasystemsPega Infinity8.2.1 < unspecifiedaffected
PegasystemsPega Infinityunspecified < 8.5.2affected

Weaknesses

  • CWE-287: CWE-287: Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

References