Researchers found vulnerability in Pega Infinity
By MYBRANDBOOK
Pega Infinity is a popular enterprise software suite, with over 2,000 users. The package includes customer service and sales automation, an AI-driven ‘customer decision hub’, workforce intelligence, and a ‘no-code’ development platform. Some of its big-list customers include the FBI, US Air Force, Apple, American Express, and others.
According to the research team – Sam Curry, Justin Rhinehart, Brett Buerhaus, and Maik Robert – CVE-2021-27651 is a critical-risk vulnerability in versions 8.2.1 to 8.5.2 of Pega’s Infinity software. The proof of concept demonstrates how an attacker could bypass Pega Infinity’s password reset system. However, the threat actors can fully compromise the Pega instance using malicious techniques like remote code execution, including the alteration of dynamic pages or templates.
Assailants could then use the reset account to “fully compromise” the Pega instance, through administrator-only remote code execution. This could include modifying dynamic pages, or templating. The security researchers came across the Pega Infinity vulnerability through participation in Apple’s bug bounty program.
The vendor added: “We would like to also note that no clients have reported any issues related to this vulnerability. Pega makes security a top priority, and we have acted quickly to remedy this issue.
“Pega believes independent security researchers play a valuable role in internet security, and we encourage responsible reporting of any vulnerabilities that may be found on our site or in our applications.”
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
Icons Of India : Dilip Asbe
At present, Dilip Asbe is heading National Payments Corporation of Ind...
Icons Of India : AALOK KUMAR
Aalok Kumar is celebrated as a global leader and recipient of the Peop...
Icons Of India : Puneet Chandok
Puneet Chandok is President, Microsoft India & South Asia and is respo...
BEL - Bharat Electronics Limited
BEL is an Indian Government-owned aerospace and defence electronics co...
HPCL - Hindustan Petroleum Corporation Ltd.
HPCL is an integrated oil and gas company involved in refining, market...
CSC - Common Service Centres
CSC initiative in India is a strategic cornerstone of the Digital Indi...
Indian Tech Talent Excelling The Tech World - NEAL MOHAN, CEO - Youtube
Neal Mohan, the CEO of YouTube, has a bold vision for the platform’s...
Indian Tech Talent Excelling The Tech World - Satya Nadella, Chairman & CEO- Microsoft
Satya Nadella, the Chairman and CEO of Microsoft, recently emphasized ...
Indian Tech Talent Excelling The Tech World - REVATHI ADVAITHI, CEO- Flex
Revathi Advaithi, the CEO of Flex, is a dynamic leader driving growth ...