Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-27654
CVE-2021-27654:
NixOS vulnerability analysis and mitigation
Overview
A high severity security vulnerability was identified in Pega Infinity versions 8.2.1 through 8.6.1. The vulnerability is related to CWE-640, which involves password reset functionality for local accounts that could potentially bypass local authentication checks (Pega Advisory).
Technical details
The vulnerability is classified under CWE-640 classification, as confirmed by multiple vulnerability assessments (NVD CNA).
Impact
The vulnerability could potentially allow unauthorized access through the password reset functionality, affecting local authentication mechanisms (Pega Advisory).
Mitigation and workarounds
Pega has released the C21 Hotfix series to address this vulnerability across all affected versions. For on-premise clients, specific hotfixes are available for each version from 8.2.1 through 8.6.1. Pega Cloud environments running the affected versions were proactively remediated by Pega. Customers are advised to review the Security Checklist regularly (Pega Advisory).
Additional resources
Source: This report was generated using AI
Related NixOS vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management