Support Center

Security Advisory

BrendanHoran

Member since 2011

99 posts

PEGA

Posted: Feb 5, 2021

Last activity: Dec 2, 2022

Posted: 5 Feb 2021 11:49 EST
Last activity: 2 Dec 2022 15:44 EST

Closed

Pega Security Advisory - A21 - Hotfix Matrix

Pega continually works to implement security controls designed to protect client environments. With this focus, Pega has identified a critical security vulnerability in versions 8.2.1 – 8.5.2 of Pega Infinity. Pega has created the A21 Hotfix for each relevant version to remediate this issue.

If you are an on–premise client, please review the table below to determine which hotfix corresponds to your Pegasystems installation. Once you have determined the appropriate hotfix ID, please submit a hotfix request using My Support Portal. Pega Cloud® environments running the relevant Pega versions are being proactively remediated by Pega.

As always, we recommend our customers review our Security Checklist regularly.

CVE Details:

Software/Product: Pega Infinity

Version: 8.2.1-8.5.2

CVE ID: CVE-2021- 27651

Description: Password reset functionality for local accounts can be used to bypass local authentication checks.

8.2.1	HFIX-69674
8.2.2	HFIX-69653
8.2.3	HFIX-69675
8.2.4	HFIX-69676
8.2.5	HFIX-69677
8.2.6	HFIX-69678
8.2.7	HFIX-69679
8.2.8	HFIX-69680
8.3.0	HFIX-69681
8.3.1	HFIX-69682
8.3.2	HFIX-69684
8.3.3	HFIX-69686
8.3.4	HFIX-69687
8.3.5	HFIX-69688
8.4.0	HFIX-69689
8.4.1	HFIX-69690
8.4.2	HFIX-69691
8.4.3	HFIX-69692
8.4.4	HFIX-69694
8.5.1	HFIX-69695
8.5.2	HFIX-69696