CVE-2015-3190 in Cloudfoundry and Pivotal Software Products
Published on May 25, 2017

With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.

NVD

Products Associated with CVE-2015-3190

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2015-3190 are published in these products:

Cloudfoundry Cf Release

Pivotal Software Cloud Foundry Elastic Runtime

Pivotal Software Cloud Foundry Uaa

Affected Versions

Pivotal Cloud Foundry:

Version Runtime cf-release versions v209 or earlier is affected.
Version UAA Standalone versions 2.2.6 or earlier is affected.
Version Runtime 1.4.5 or earlier is affected.

Exploit Probability

EPSS

0.20%

Percentile

41.57%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2015-3190 in Cloudfoundry and Pivotal Software ProductsPublished on May 25, 2017

Products Associated with CVE-2015-3190

Affected Versions

Exploit Probability

CVE-2015-3190 in Cloudfoundry and Pivotal Software Products
Published on May 25, 2017