CVE-2015-5172

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
References
Link Resource
https://pivotal.io/security/cve-2015-5170-5173 Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:cloudfoundry:cf-release:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:*:*:*:*:*:*:*:*
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2017-10-24 17:29

Updated : 2024-02-28 16:04


NVD link : CVE-2015-5172

Mitre link : CVE-2015-5172

CVE.ORG link : CVE-2015-5172


JSON object : View

Products Affected

pivotal_software

  • cloud_foundry_elastic_runtime
  • cloud_foundry_uaa

cloudfoundry

  • cf-release
CWE
CWE-640

Weak Password Recovery Mechanism for Forgotten Password