Description

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.

Remediation

References

https://pivotal.io/security/cve-2015-5170-5173

Related Vulnerabilities

CVE-2017-1000110 Vulnerability in maven package io.jenkins.blueocean:blueocean-parent

CVE-2016-8750 Vulnerability in maven package org.apache.karaf.jaas:org.apache.karaf.jaas.modules

CVE-2021-46366 Vulnerability in maven package info.magnolia:magnolia-core

CVE-2022-43409 Vulnerability in maven package org.jenkins-ci.plugins.workflow:workflow-support

CVE-2016-8738 Vulnerability in maven package org.apache.struts:struts2-core

Severity

Critical

Classification

CWE-640 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory