PT-2016-3242 · Pivotal+1 · Pivotal Cloud Foundry (Pcf) Elastic Runtime+2

Published: 2016-05-02 · Updated: 2022-05-13 · CVE-2015-5172

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Cloud Foundry Runtime cf-release versions prior to 216
UAA versions prior to 2.5.2
Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.7.0

Description

The issue exists due to a failure to expire password reset links, allowing attackers to leverage this failure for unspecified impact. Exploitation of the vulnerability may enable a remote attacker to use old password reset links, as they remain valid after a password change.

Recommendations

For Cloud Foundry Runtime cf-release versions prior to 216, update to version 216 or later.
For UAA versions prior to 2.5.2, update to version 2.5.2 or later.
For Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.7.0, update to version 1.7.0 or later.
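
For teams reviewing their own reset flows for the same weakness, here is an added sketch (not UAA or Cloud Foundry code) of reset links that stop working once the password changes. The class, its method names, the in-memory store and the 1800-second lifetime are assumptions for illustration; `expire_on_change=False` models the behaviour described above.

```python
import hashlib
import secrets
import time


class ResetTokenStore:
    """Hypothetical in-memory reset-link store (not UAA's implementation)."""

    def __init__(self, ttl_seconds=1800, expire_on_change=True):
        self.ttl = ttl_seconds                    # constructed lifetime value
        self.expire_on_change = expire_on_change  # False models the flaw
        self._tokens = {}      # sha256(token) -> (user, expiry, generation)
        self._generation = {}  # user -> number of password changes so far

    @staticmethod
    def _digest(token):
        # Keep only a hash so a leaked token table yields no usable links.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user, now=None):
        """Create a reset token bound to the user's current password generation."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)
        gen = self._generation.get(user, 0)
        self._tokens[self._digest(token)] = (user, now + self.ttl, gen)
        return token

    def password_changed(self, user):
        """Call from every code path that sets a new password."""
        self._generation[user] = self._generation.get(user, 0) + 1

    def redeem(self, token, now=None):
        """Consume a link; True means the caller may set a new password."""
        now = time.time() if now is None else now
        entry = self._tokens.pop(self._digest(token), None)  # single use
        if entry is None:
            return False
        user, expiry, gen = entry
        if now > expiry:
            return False
        if self.expire_on_change and gen != self._generation.get(user, 0):
            return False  # password changed after this link was issued
        self.password_changed(user)  # a reset also revokes sibling links
        return True
```

Binding each token to a per-user generation counter means a password change revokes every outstanding link without scanning the token table.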

Fix


Weakness Enumeration

Related Identifiers

BDU:2018-00144
CVE-2015-5172
GHSA-CQ6M-74R4-X77G

Affected Products

Cloud Foundry Runtime
Pivotal Cloud Foundry (Pcf) Elastic Runtime
Uaa