Description

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.

Remediation

References

https://pivotal.io/security/cve-2015-5170-5173

Related Vulnerabilities

CVE-2022-35924 Vulnerability in npm package next-auth

CVE-2023-30514 Vulnerability in maven package org.jenkins-ci.plugins:azure-keyvault

CVE-2023-36542 Vulnerability in maven package org.apache.nifi:nifi-record-serialization-services

CVE-2019-1003065 Vulnerability in maven package org.jenkins-ci.plugins:cloudshare-docker

CVE-2014-0119 Vulnerability in maven package org.apache.tomcat:tomcat-util-scan

Severity

Critical

Classification

CWE-640 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Vendor Advisory