CVE-2015-5172 — Weak Password Recovery Mechanism for Forgotten Password in Cf-release

CWE-640 — Weak Password Recovery Mechanism for Forgotten Password4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.4%

top 39.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cloudfoundry Cf-release Pivotal Software Cloud Foundry Elastic Runtime Pivotal Software Cloud Foundry UAA

Timeline

PublishedOct 24

Latest updateMay 13

Description

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶NVDpivotal_software/cloud_foundry_elastic_runtime< 1.7.0

▶NVDcloudfoundry/cf-release< 216

▶NVDpivotal_software/cloud_foundry_uaa< 2.5.2

🔴Vulnerability Details

GHSA

Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password↗2022-05-13

▶

OSV

Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password↗2022-05-13

▶

CVEList

CVE-2015-5172: Cloud Foundry Runtime cf-release before 216, UAA before 2↗2017-10-24

▶