CVE-2021-27651

Description

In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.

NVD
Severity: CRITICAL
CVE ID: CVE-2021-27651
CVSS Score: 9.8
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Pegasystems Inc.
Severity: CRITICAL
CVE ID: CVE-2021-27651
CVSS Score: 9.8
CVSS Metrics: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Refrence: NVD MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-27651

Refrence: Project Discovery GitHub

samwcyo

RCE for Pega Infinity >= 8.2.1, Pega Infinity <= 8.5.2

Refrence: GitHub

Vulnmachines

Pega Infinity Password Reset

Refrence: GitHub

orangmuda

bypass all stages of the password reset flow

Refrence: GitHub

Description​

Proof Of Concept​

Description

Proof Of Concept