Password Reset Bypass Vulnerability in Pega Infinity (Versions 8.2.1 - 8.5.2)

CVE-2021-27651 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
