WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2015-5171 Vulnerability in maven package org.cloudfoundry.identity:cloudfoundry-identity-common

Description

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.

Remediation

References

https://pivotal.io/security/cve-2015-5170-5173

Related Vulnerabilities

CVE-2019-16574 Vulnerability in maven package com.alauda.jenkins.plugins:alauda-devops-pipeline

CVE-2013-4390 Vulnerability in maven package org.apache.sling:org.apache.sling.auth.core

CVE-2015-5348 Vulnerability in maven package org.apache.camel:camel-http4

CVE-2019-10365 Vulnerability in maven package org.jenkins-ci.plugins:google-kubernetes-engine

CVE-2016-1202 Vulnerability in maven package org.webjars.npm:electron

Severity

Critical

Classification

CWE-613 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory