In versions 8.2.1 up to and including 8.5.2 of Pega Infinity, the password reset functionality for local accounts can be used to bypass local authentication checks.
pega infinity
Pega Infinity Password Reset
CVE-2021-27651 Pega Infinity Password Reset Video Follow Youtube Twitter Telegram Vulnmachinescom