PT-2017-6641 · Cloud Foundry+1 · Cloud Foundry Runtime+2
Publicado
2017-05-25
·
Atualizado
2022-05-13
·
CVE-2015-3189
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Cloud Foundry Runtime cf-release versions v208 or earlier
UAA Standalone versions 2.2.5 or earlier
Pivotal Cloud Foundry Runtime versions 1.4.5 or earlier
Description
The issue arises when a user changes their email address, and old password reset links are not expired. This is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
Recommendations
For Cloud Foundry Runtime cf-release versions v208 or earlier, update to a version later than v208 to resolve the issue.
For UAA Standalone versions 2.2.5 or earlier, update to a version later than 2.2.5 to resolve the issue.
For Pivotal Cloud Foundry Runtime versions 1.4.5 or earlier, update to a version later than 1.4.5 to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Cloud Foundry Runtime
Pivotal Cloud Foundry Runtime
Uaa