CVE-2015-3190

EPSS 0.2%
Veröffentlicht 25.05.2017 17:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle security_alert@emc.com
Teams Watchlist Login
Unerledigt Login

With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cloudfoundry ≫ Cf-release Version <= 209

Pivotal Software ≫ Cloud Foundry Elastic Runtime Version <= 1.4.5

Pivotal Software ≫ Cloud Foundry Uaa Version <= 2.2.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.387

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://pivotal.io/security/cve-2015-3190

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2015-3190

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-3190

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-3190

EUVD