CVE-2021-32545
https://notcve.org/view.php?id=CVE-2021-32545
Pexip Infinity before 26 allows remote denial of service because of missing RTMP input validation. • https://docs.pexip.com/admin/security_bulletins.htm • CWE-20: Improper Input Validation
CVE-2021-27651
https://notcve.org/view.php?id=CVE-2021-27651
In versions 8.2.1 through 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks. • https://github.com/samwcyo/CVE-2021-27651-PoC https://github.com/Vulnmachines/CVE-2021-27651 https://github.com/orangmuda/CVE-2021-27651 https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix • CWE-287: Improper Authentication
CVE-2021-27653
https://notcve.org/view.php?id=CVE-2021-27653
Misconfiguration of the Pega Chat Access Group portal in Pega platform 7.4.0 - 8.5.x could lead to unintended data exposure. • https://collaborate.pega.com/discussion/pega-security-advisory-%E2%80%93-b21 https://robertwillishacking.com/census-vulnerability-exposes-10k-oauth-tokens-thousands-of-user-records • CWE-284: Improper Access Control