Description

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.

Remediation

References

https://pivotal.io/security/cve-2015-5170-5173

Related Vulnerabilities

CVE-2019-3772 Vulnerability in maven package org.springframework.integration:spring-integration-xml

CVE-2020-2285 Vulnerability in maven package org.jenkins-ci.plugins:liquibase-runner

CVE-2019-10241 Vulnerability in maven package org.eclipse.jetty.aggregate:jetty-all-server

CVE-2014-7810 Vulnerability in maven package org.apache.tomcat:el-api

CVE-2015-8855 Vulnerability in maven package org.webjars.bower:semver

Severity

Critical

Classification

CWE-613 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory