Pega Infinity Authentication Bypass Vulnerability (CVE-2021-27651)

Published 2021-05-19

0x00 Vulnerability Overview

CVE ID: CVE-2021-27651
Date: 2021-05-19
Type: Authentication bypass
Severity: Critical
Remotely exploitable:
Affected versions: Pega Infinity 8.2.1 - 8.5.2
PoC/EXP: Not public
Exploited in the wild: No

 

0x01 Vulnerability Details


 

PEGA (Pegasystems) is a leader in the rules-driven process automation market. It operates worldwide and focuses on large enterprise customers, including healthcare companies, insurers, banks, and communications service providers.

Pega Infinity is PEGA's enterprise software suite. It combines customer engagement and digital process automation capabilities, which reduces complexity and enables scalable no-code applications that grow with digital transformation.

Pega recently fixed an authentication bypass vulnerability in Pega Infinity (CVE-2021-27651), which has a CVSSv3 score of 9.8. Because the password reset verification mechanism is weak, an attacker can use the password reset functionality for local accounts to bypass local authentication checks, ultimately gaining unauthorized access or command execution.

 

0x02 Remediation Recommendations

Pega has fixed this vulnerability. Apply the security update as soon as possible.

Download link:

https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix
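To decide where the update is needed, the affected range stated above (8.2.1 - 8.5.2, inclusive) can be checked against an asset inventory. The following is an added example, not code from Pega or from this advisory; the host names, the inventory format and the three-part version format are assumptions. A host that falls in the range may already carry the hotfix, so the result only narrows which systems to verify against the hotfix matrix.

```python
import re

# Affected range as stated in the advisory (inclusive on both ends).
AFFECTED_MIN = (8, 2, 1)
AFFECTED_MAX = (8, 5, 2)

# Constructed sample inventory, "host,reported_version" (hypothetical hosts).
SAMPLE_INVENTORY = """\
pega-prod-01,8.4.3
pega-prod-02,8.5.2
pega-dr-01,8.5.3
pega-test-01,8.2
pega-test-02,8.2.1
pega-dev-01,unknown
pega-dev-02,8.1.9
"""

# Assumption: a usable version is exactly three dotted integers.
_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)\.(\d+)\s*$")


def parse_version(text):
    """Return (major, minor, patch), or None if the string is not a full version."""
    match = _VERSION_RE.match(text)
    return tuple(int(part) for part in match.groups()) if match else None


def triage(inventory_text):
    """Sort hosts into in-range, outside-range and manual-review buckets."""
    result = {"in_range": [], "outside": [], "review": []}
    for line in inventory_text.splitlines():
        if not line.strip():
            continue
        host, _, raw = line.partition(",")
        version = parse_version(raw)
        if version is None:
            # Fail closed: an unreadable or partial version is never reported as safe.
            result["review"].append(host.strip())
        elif AFFECTED_MIN <= version <= AFFECTED_MAX:
            result["in_range"].append(host.strip())
        else:
            result["outside"].append(host.strip())
    return result


if __name__ == "__main__":
    for bucket, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{bucket}: {', '.join(hosts) or '-'}")
```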

 

0x03 References

https://collaborate.pega.com/discussion/pega-security-advisory-a21-hotfix-matrix

https://www.pega.com/infinity

https://nvd.nist.gov/vuln/detail/CVE-2021-27651

 

0x04 Timeline

2021-04-29  CNNVD disclosed the vulnerability

2021-05-19  VSRC published the security advisory

 

0x05 Appendix

 

CVSS scoring standard official site: http://www.first.org/cvss/
