Description

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.

Remediation

References

https://pivotal.io/security/cve-2015-5170-5173

Related Vulnerabilities

CVE-2015-0899 Vulnerability in maven package struts:struts

CVE-2018-5158 Vulnerability in npm package pdfjs-dist

CVE-2022-42125 Vulnerability in maven package com.liferay.portal:com.liferay.portal.impl

CVE-2021-39234 Vulnerability in maven package org.apache.ozone:ozone-common

CVE-2023-29198 Vulnerability in npm package electron

Severity

Critical

Classification

CWE-613 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory