Description

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.

Remediation

References

https://pivotal.io/security/cve-2015-5170-5173

Related Vulnerabilities

CVE-2023-34036 Vulnerability in maven package org.springframework.hateoas:spring-hateoas

CVE-2022-24839 Vulnerability in maven package net.sourceforge.nekohtml:nekohtml

CVE-2018-11765 Vulnerability in maven package org.apache.hadoop:hadoop-common

CVE-2023-33004 Vulnerability in maven package org.jenkins-ci.plugins:tag-profiler

CVE-2017-12196 Vulnerability in maven package io.undertow:undertow-core

Severity

Critical

Classification

CWE-640 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory