CVE-2015-3189 in Cloudfoundry and Pivotal Software Products
Published on May 25, 2017

With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.

NVD

Products Associated with CVE-2015-3189

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2015-3189 are published in these products:

Cloudfoundry Cf Release

Pivotal Software Cloud Foundry Elastic Runtime

Pivotal Software Cloud Foundry Uaa

Affected Versions

Pivotal Cloud Foundry:

Version Runtime cf-release versions v208 or earlier is affected.
Version UAA Standalone versions 2.2.5 or earlier is affected.
Version Runtime 1.4.5 or earlier is affected.

Exploit Probability

EPSS

0.18%

Percentile

39.20%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2015-3189 in Cloudfoundry and Pivotal Software ProductsPublished on May 25, 2017

Products Associated with CVE-2015-3189

Affected Versions

Exploit Probability

CVE-2015-3189 in Cloudfoundry and Pivotal Software Products
Published on May 25, 2017