CVE-2021-27651
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-27651
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
认证机制不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
PEGA pega infinity 授权问题漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
PEGA pega infinity是美国PEGA公司的一个应用软件。提供从数字混乱过渡到真正的数字转换。 Pega Infinity 8.2.1版本至8.5.2版本存在授权问题漏洞,该漏洞源于本地帐户的密码重置功能可以用来绕过本地认证检查。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Shenlong Deep Dive — AI Deep Analysis
10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Pegasystems | Pega Infinity | 8.2.1 ~ unspecified | - |
II. Public POCs for CVE-2021-27651
| # | POC Description | Source Link | Shenlong Link |
|---|---|---|---|
| 1 | RCE for Pega Infinity >= 8.2.1, Pega Infinity <= 8.5.2 | https://github.com/samwcyo/CVE-2021-27651-PoC | POC Details |
| 2 | Pega Infinity Password Reset | https://github.com/Vulnmachines/CVE-2021-27651 | POC Details |
| 3 | bypass all stages of the password reset flow | https://github.com/orangmuda/CVE-2021-27651 | POC Details |
| 4 | Pega Infinity versions 8.2.1 through 8.5.2 contain an authentication bypass vulnerability because the password reset functionality for local accounts can be used to bypass local authentication checks. | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2021/CVE-2021-27651.yaml | POC Details |
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-27651
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same product: Pega Infinity
- CVE-2026-1711
Pega Platform versions 8.1.0 through 25.1.1 are affected by - CVE-2026-1564
Pega Platform versions 8.1.0 through 25.1.1 are affected by - CVE-2025-62184
Pega Platform versions 8.1.0 through 25.1.0 are affected by - CVE-2025-62183
Pega Platform versions 8.1.0 through 25.1.1 are affected by - CVE-2025-62182
Pega Customer Service Framework versions 8.7.0 through 25.1.
Same vendor: Pegasystems
- CVE-2026-1711
Pega Platform versions 8.1.0 through 25.1.1 are affected by - CVE-2026-1564
Pega Platform versions 8.1.0 through 25.1.1 are affected by - CVE-2026-1079
A native messaging host vulnerability in Pega Browser Extens - CVE-2026-1078
An arbitrary file-write vulnerability in Pega Browser Extens - CVE-2025-62184
Pega Platform versions 8.1.0 through 25.1.0 are affected by
Same weakness: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. Comments for CVE-2021-27651
No comments yet