Weak Password Recovery Mechanism for Forgotten Password in Cloud Foundry UAA - CVE-2015-5172

 


Published: October 24, 2017 / Updated: July 18, 2020


Vulnerability identifier: #VU31404
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2015-5172
CWE-ID: CWE-640
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Cloud Foundry Foundation
Affected software: Cloud Foundry UAA

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.


How to mitigate CVE-2015-5172

Install the update from the vendor's website.
