Password Reset Link Expiration Vulnerability in Cloud Foundry Runtime, UAA, and PCF Elastic Runtime

Password Reset Link Expiration Vulnerability in Cloud Foundry Runtime, UAA, and PCF Elastic Runtime

CVE-2015-5172 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.

Learn more about our Web Application Penetration Testing UK.