Description
The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.
Remediation
References
https://pivotal.io/security/cve-2015-5170-5173
Related Vulnerabilities
CVE-2020-7014 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2014-0109 Vulnerability in maven package org.apache.cxf:cxf-bundle
CVE-2023-31419 Vulnerability in maven package org.elasticsearch:elasticsearch
CVE-2023-48241 Vulnerability in maven package org.xwiki.platform:xwiki-platform-search-solr-query
CVE-2017-1000398 Vulnerability in maven package org.jenkins-ci.main:jenkins-core