.. / CVE-2021-27651

Exploit for Pega Infinity - Authentication Bypass (CVE-2021-27651)

Description:

Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks.

Nuclei Template

View the template here CVE-2021-27651.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-27651.yaml

References:

https://github.com/nomi-sec/PoC-in-GitHub
https://nvd.nist.gov/vuln/detail/CVE-2021-27651
https://github.com/samwcyo/CVE-2021-27651-PoC/blob/main/RCE.md
https://github.com/orangmuda/CVE-2021-27651
https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix

.. / CVE-2021-27651 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for Pega Infinity - Authentication Bypass (CVE-2021-27651)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2021-27651