Researchers found vulnerability in Pega Infinity
By MYBRANDBOOK
Pega Infinity is a popular enterprise software suite, with over 2,000 users. The package includes customer service and sales automation, an AI-driven ‘customer decision hub’, workforce intelligence, and a ‘no-code’ development platform. Its big-name customers include the FBI, US Air Force, Apple, American Express, and others.
According to the research team – Sam Curry, Justin Rhinehart, Brett Buerhaus, and Maik Robert – CVE-2021-27651 is a critical-risk vulnerability in versions 8.2.1 to 8.5.2 of Pega’s Infinity software. The proof of concept demonstrates how an attacker could bypass Pega Infinity’s password reset system. From there, threat actors can fully compromise the Pega instance through techniques such as remote code execution, including the alteration of dynamic pages or templates.
Attackers could then use the reset account to “fully compromise” the Pega instance through administrator-only remote code execution. This could include modifying dynamic pages or templating. The security researchers came across the Pega Infinity vulnerability through participation in Apple’s bug bounty program.
The vendor added: “We would like to also note that no clients have reported any issues related to this vulnerability. Pega makes security a top priority, and we have acted quickly to remedy this issue.
“Pega believes independent security researchers play a valuable role in internet security, and we encourage responsible reporting of any vulnerabilities that may be found on our site or in our applications.”