CVE-2015-3190

MEDIUM

Cloud Foundry <v209 - Open Redirect

Title source: llm

Description

In Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier, and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, the UAA logout link is susceptible to an open redirect, which allows an attacker to insert a malicious web page as a redirect parameter.

Scores

CVSS v3 6.1
EPSS 0.0020
EPSS Percentile 41.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE CWE-601
Status published
Products (6)
cloudfoundry/cf-release < 209
pivotal_software/cloud_foundry_elastic_runtime < 1.4.5
pivotal_software/cloud_foundry_uaa < 2.2.6
Pivotal/Cloud Foundry < Runtime cf-release versions v209 or earlier
Pivotal/Cloud Foundry < UAA Standalone versions 2.2.6 or earlier
Pivotal/Cloud Foundry < Runtime 1.4.5 or earlier
Published May 25, 2017
Tracked Since Feb 18, 2026