CVE-2021-27654

Summary

Forgotten password reset functionality for local accounts can be used to bypass local authentication checks.

Affected Software

VendorProductVersion RangeStatus
PegasystemsPega Infinity8.2.1 < unspecifiedaffected
PegasystemsPega Infinityunspecified < 8.6.1affected

Weaknesses

  • CWE-640: CWE-640: Weak Password Recovery Mechanism for Forgotten Password

ADP Enrichment

CVE Program Container

Additional References

References