Description

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.

Remediation

References

https://pivotal.io/security/cve-2015-5170-5173

Related Vulnerabilities

CVE-2015-5211 Vulnerability in maven package org.springframework:spring-web

CVE-2010-2076 Vulnerability in maven package org.apache.cxf:cxf-bundle

CVE-2022-23710 Vulnerability in maven package org.elasticsearch:elasticsearch

CVE-2016-0956 Vulnerability in maven package org.apache.sling:org.apache.sling.servlets.post

CVE-2023-30867 Vulnerability in maven package org.apache.streampark:streampark

Severity

Critical

Classification

CWE-613 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory