Pega InfinityÉí·ÝÑéÖ¤ÈƹýÎó²î£¨CVE-2021-27651£©

Ðû²¼Ê±¼ä 2021-05-19

0x00 Îó²î¸ÅÊö

CVE  ID

CVE-2021-27651

ʱ    ¼ä

2021-05-19

Àà   ÐÍ

Éí·ÝÑéÖ¤Èƹý

µÈ    ¼¶

ÑÏÖØ

Ô¶³ÌʹÓÃ


Ó°Ïì¹æÄ£

Pega Infinity 8.2.1 - 8.5.2

PoC/EXP

δ¹ûÕæ

ÔÚҰʹÓÃ

·ñ

 

0x01 Îó²îÏêÇé

image.png

 

PEGA£¨Pega systems£©¹«Ë¾ÊǹæÔòÇý¶¯Á÷³Ì×Ô¶¯»¯Êг¡µÄÏòµ¼Õߣ¬£¬£¬£¬ £¬£¬ÓªÒµ±é²¼È«Çò£¬£¬£¬£¬ £¬£¬²¢×¨×¢ÓÚ´óÐÍÆóÒµ¿Í»§£¬£¬£¬£¬ £¬£¬Æä¿Í»§ÁìÓòÉæ¼°Ò½ÁƱ£½¡¹«Ë¾¡¢°ü¹Ü¹«Ë¾¡¢ÒøÐС¢Í¨Ñ¶Ð§ÀÍÌṩÉ̵È¡£¡£¡£¡£¡£¡£¡£

Pega infinityÊÇPEGA¹«Ë¾µÄÒ»Ì×ÆóÒµÈí¼þÌ×¼þ£¬£¬£¬£¬ £¬£¬Á¬ÏµÁË¿Í»§¼ÓÈëºÍÊý×ÖÁ÷³Ì×Ô¶¯»¯¹¦Ð§£¬£¬£¬£¬ £¬£¬´Ó¶ø½µµÍÁËÖØ´óÐÔ£¬£¬£¬£¬ £¬£¬²¢¿ÉÒÔʵÏÖËæ×ÅÊý×Ö»¯×ªÐͶøÉú³¤µÄ¿ÉÀ©Õ¹ÎÞ´úÂëÓ¦ÓóÌÐò¡£¡£¡£¡£¡£¡£¡£

¿ËÈÕ£¬£¬£¬£¬ £¬£¬PegaÐÞ¸´ÁË Pega infinityÖеÄÒ»¸öÉí·ÝÑéÖ¤ÈƹýÎó²î£¨CVE-2021-27651£©£¬£¬£¬£¬ £¬£¬¸ÃÎó²îµÄCVSSv3ÆÀ·ÖΪ9.8¡£¡£¡£¡£¡£¡£¡£ÓÉÓÚÖØÖÃÃÜÂëµÄųÈõÑéÖ¤»úÖÆ£¬£¬£¬£¬ £¬£¬¹¥»÷Õß¿ÉÒÔͨ¹ýʹÓÃÍâµØÕË»§µÄÃÜÂëÖØÖù¦Ð§À´ÈƹýÍâµØÉí·ÝÑéÖ¤¼ì²é£¬£¬£¬£¬ £¬£¬×îÖÕʵÏÖδÊÚȨ»á¼û»òÏÂÁîÖ´ÐС£¡£¡£¡£¡£¡£¡£

 

0x02 ´¦Öóͷ£½¨Òé

ÏÖÔÚPegaÒѾ­ÐÞ¸´ÁË´ËÎó²î£¬£¬£¬£¬ £¬£¬½¨Ò龡¿ìÓ¦ÓÃÇå¾²¸üС£¡£¡£¡£¡£¡£¡£

ÏÂÔØÁ´½Ó£º

https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix

 

0x03 ²Î¿¼Á´½Ó

https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix

https://www.pega.com/infinity

https://nvd.nist.gov/vuln/detail/CVE-2021-27651

 

0x04 ʱ¼äÏß

2021-04-29  CNNVDÅû¶Îó²î

2021-05-19  VSRCÐû²¼Ç徲ͨ¸æ

 

0x05 ¸½Â¼

 

CVSSÆÀ·Ö±ê×¼¹ÙÍø£ºhttp://www.first.org/cvss/

image.png