Pega InfinityÉí·ÝÑéÖ¤Èƹý·ì϶£¨CVE-2021-27651£©

°ä²¼¹¦·ò 2021-05-19

0x00 ·ì϶¸ÅÊö

CVE  ID

CVE-2021-27651

ʱ    ¼ä

2021-05-19

Àà   ÐÍ

Éí·ÝÑéÖ¤Èƹý

µÈ    ¼¶

ÑϳÁ

Ô¶³ÌÀûÓÃ


Ó°ÏìÁìÓò

Pega Infinity 8.2.1 - 8.5.2

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

·ñ

 

0x01 ·ì϶ÏêÇé

image.png

 

PEGA£¨Pega systems£©¹«Ë¾Êǹ涨Çý¶¯Á÷³Ì×Ô¶¯»¯Êг¡µÄ¸¨µ¼Õߣ¬£¬£¬£¬£¬£¬£¬£¬ÒµÎñ±é²¼È«Çò£¬£¬£¬£¬£¬£¬£¬£¬²¢×¨Ò»ÓÚ´óÐÍÆóÒµ¿Í»§£¬£¬£¬£¬£¬£¬£¬£¬Æä¿Í»§ÁìÓòÉæ¼°Ò½ÁƱ£½¡¹«Ë¾¡¢±£ÏÕ¹«Ë¾¡¢ÒøÐÓעͨÕÛ·þÎñÌṩÉ̵È¡£¡£¡£¡£ ¡£¡£

Pega infinityÊÇPEGA¹«Ë¾µÄÒ»Ì×ÆóÒµÈí¼þÌ×¼þ£¬£¬£¬£¬£¬£¬£¬£¬½áºÏÁË¿Í»§²Î¼ÓºÍÊý×ÖÁ÷³Ì×Ô¶¯»¯Ö°ÄÜ£¬£¬£¬£¬£¬£¬£¬£¬´Ó¶ø½µµÍÁ˸´ÔÓÐÔ£¬£¬£¬£¬£¬£¬£¬£¬²¢Äܹ»ÊµÏÖËæ×ÅÊý×Ö»¯×ªÐͶø·¢Õ¹µÄ¿ÉÀ©´óÎÞ´úÂëÀûÓ÷¨Ê½¡£¡£¡£¡£ ¡£¡£

½üÈÕ£¬£¬£¬£¬£¬£¬£¬£¬Pega½¨¸´ÁË Pega infinityÖеÄÒ»¸öÉí·ÝÑéÖ¤Èƹý·ì϶£¨CVE-2021-27651£©£¬£¬£¬£¬£¬£¬£¬£¬¸Ã·ì϶µÄCVSSv3ÆÀ·ÖΪ9.8¡£¡£¡£¡£ ¡£¡£ÓÉÓÚ³ÁÖÃÃÜÂëµÄ´àÈõÑéÖ¤»úÔ죬£¬£¬£¬£¬£¬£¬£¬¹¥»÷ÕßÄܹ»Í¨¹ýÀûÓñ¾µØÕË»§µÄÃÜÂë³ÁÖÃÖ°ÄÜÀ´Èƹý±¾µØÉí·ÝÑéÖ¤²é³­£¬£¬£¬£¬£¬£¬£¬£¬×îÖÕʵÏÖδÊÚȨ½Ó¼û»òºÅÁîÖ´ÐС£¡£¡£¡£ ¡£¡£

 

0x02 ´ëÖý¨Òé

Ä¿Ç°PegaÒѾ­½¨¸´ÁË´Ë·ì϶£¬£¬£¬£¬£¬£¬£¬£¬½¨Ò龡¿ìÀûÓð²È«¸üС£¡£¡£¡£ ¡£¡£

ÏÂÔØÁ´½Ó£º

https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix

 

0x03 ²Î¿¼Á´½Ó

https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix

https://www.pega.com/infinity

https://nvd.nist.gov/vuln/detail/CVE-2021-27651

 

0x04 ¹¦·òÏß

2021-04-29  CNNVDÅû¶·ì϶

2021-05-19  VSRC°ä²¼°²È«¹«¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö³ß¶È¹ÙÍø£ºhttp://www.first.org/cvss/

image.png