Failure to Expire Existing Sessions in Cloud Foundry Runtime and Pivotal Cloud Foundry

Failure to Expire Existing Sessions in Cloud Foundry Runtime and Pivotal Cloud Foundry

CVE-2015-5171 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions.

Learn more about our Cloud Audit.