CVE-2015-3189

EPSS 0.18%
Published 25.05.2017 17:29:00
Last modified 20.04.2025 01:37:25
Source security_alert@emc.com
Teams watchlist Login
Open Login

With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Cloudfoundry ≫ Cf-release Version <= 208

Pivotal Software ≫ Cloud Foundry Elastic Runtime Version <= 1.4.5

Pivotal Software ≫ Cloud Foundry Uaa Version <= 2.2.5

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.18%	0.36

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	3.7	2.2	1.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

https://pivotal.io/security/cve-2015-3189

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-3189

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3189

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3189

EUVD