CVE-2021-27651
Description
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
NVD
Severity: CRITICAL
CVE ID: CVE-2021-27651
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Pegasystems Inc.
Severity: CRITICAL
CVE ID: CVE-2021-27651
CVSS Score: 9.8
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-27651
Refrence: Project Discovery GitHub
samwcyo
RCE for Pega Infinity >= 8.2.1, Pega Infinity <= 8.5.2
Refrence: GitHub
Vulnmachines
Pega Infinity Password Reset
Refrence: GitHub
orangmuda
bypass all stages of the password reset flow
Refrence: GitHub