Description

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.

Remediation

References

https://pivotal.io/security/cve-2015-5170-5173

Related Vulnerabilities

CVE-2021-37533 Vulnerability in maven package commons-net:commons-net

CVE-2022-46366 Vulnerability in maven package tapestry:tapestry

CVE-2023-36475 Vulnerability in npm package parse-server

CVE-2012-4386 Vulnerability in maven package org.apache.struts:struts2-core

CVE-2019-20365 Vulnerability in maven package org.igniterealtime.openfire:xmppserver

Severity

Critical

Classification

CWE-613 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory