CVE-2022-24083: 
NixOS vulnerability analysis and mitigation

A critical password authentication bypass vulnerability (CVE-2022-24083) was discovered in Pega Platform versions 7.3.1 through 8.7.2. The vulnerability was initially identified through penetration testing conducted by client security researchers Lewis Churchill, Daniel Wiseman, and Alan Tran. This vulnerability allows attackers to bypass local authentication checks for local accounts (Vendor Advisory).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating a critical severity level. The vulnerability is related to improper authorization (CWE-285) and affects the authentication mechanism for local accounts (NVD).

If exploited, this vulnerability could allow attackers to bypass local authentication checks, potentially gaining unauthorized access to affected systems. The CVSS score of 9.8 indicates that successful exploitation could result in a complete compromise of system confidentiality, integrity, and availability (NVD).

Pega has released the C22 Hotfix series to address this vulnerability across all affected versions. For Pega Cloud clients, environments are being proactively remediated by Pega. Pega Cloud for Government (PCFG) clients receive SR cases with relevant hotfixes to apply. On-premises clients need to identify their version-specific hotfix from the provided matrix and submit a hotfix request through My Support Portal. A system restart is required after applying the hotfix (Vendor Advisory).