Description
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.
Remediation
References
https://pivotal.io/security/cve-2015-5170-5173
Related Vulnerabilities
CVE-2020-2281 Vulnerability in maven package org.6wind.jenkins:lockable-resources
CVE-2023-28679 Vulnerability in maven package javagh.jenkins:mashup-portlets-plugin
CVE-2012-5633 Vulnerability in maven package org.apache.cxf:cxf-api
CVE-2022-45143 Vulnerability in maven package org.apache.tomcat.embed:tomcat-embed-core
CVE-2018-1000054 Vulnerability in maven package org.jvnet.hudson.plugins:ccm