Password Reset Bypass Vulnerability in Pega Infinity (Versions 8.2.1 - 8.5.2)
CVE-2021-27651 · CRITICAL Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.