CVE-2015-5172

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:32

Type Values Removed Values Added
References () https://pivotal.io/security/cve-2015-5170-5173 - Vendor Advisory () https://pivotal.io/security/cve-2015-5170-5173 - Vendor Advisory

Information

Published : 2017-10-24 17:29

Updated : 2024-11-21 02:32


NVD link : CVE-2015-5172

Mitre link : CVE-2015-5172

CVE.ORG link : CVE-2015-5172


JSON object : View

Products Affected

cloudfoundry

  • cf-release

pivotal_software

  • cloud_foundry_elastic_runtime
  • cloud_foundry_uaa
CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password