CVE-2015-5172
CRITICAL
Cloud Foundry Runtime cf-release < 216 - Weak Password Recovery Mechanism
Title source: llm
Description
Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.
References (1)
Core References
Vendor Advisory x_refsource_confirm
https://pivotal.io/security/cve-2015-5170-5173
Scores
CVSS v3
9.8
EPSS
0.0117
EPSS Percentile
63.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-640
Status
published
Products (4)
cloudfoundry/cf-release
< 216
org.cloudfoundry.identity/cloudfoundry-identity-server
0 - 2.5.2 (Maven)
pivotal_software/cloud_foundry_elastic_runtime
< 1.7.0
pivotal_software/cloud_foundry_uaa
< 2.5.2
Published
Oct 24, 2017
Tracked Since
Feb 18, 2026