PT-2016-3242 · Pivotal+1 · Pivotal Cloud Foundry (Pcf) Elastic Runtime+2
Published
2016-05-02
·
Updated
2022-05-13
·
CVE-2015-5172
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Cloud Foundry Runtime cf-release versions prior to 216
UAA versions prior to 2.5.2
Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.7.0
Description
The issue exists due to a failure to expire password reset links, allowing attackers to leverage this failure for unspecified impact. Exploitation of the vulnerability may enable a remote attacker to use old password reset links, as they remain valid after a password change.
Recommendations
For Cloud Foundry Runtime cf-release versions prior to 216, update to version 216 or later.
For UAA versions prior to 2.5.2, update to version 2.5.2 or later.
For Pivotal Cloud Foundry (PCF) Elastic Runtime versions prior to 1.7.0, update to version 1.7.0 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Cloud Foundry Runtime
Pivotal Cloud Foundry (Pcf) Elastic Runtime
Uaa