Description

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.

Remediation

References

https://pivotal.io/security/cve-2015-5170-5173

Related Vulnerabilities

CVE-2020-13940 Vulnerability in maven package org.apache.nifi:nifi-bootstrap

CVE-2020-24582 Vulnerability in npm package zulip

CVE-2013-1879 Vulnerability in maven package activemq:activemq-core

CVE-2020-1947 Vulnerability in maven package org.apache.shardingsphere:shardingsphere

CVE-2011-2730 Vulnerability in maven package org.springframework:spring-core

Severity

Critical

Classification

CWE-613 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory