Lucene search

K
cvelistDellCVELIST:CVE-2015-3191
HistoryMay 25, 2017 - 5:00 p.m.

CVE-2015-3191

2017-05-2517:00:00
dell
www.cve.org

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the change_email form in UAA is vulnerable to a CSRF attack. This allows an attacker to trigger an e-mail change for a user logged into a cloud foundry instance via a malicious link on a attacker controlled site. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.

CNA Affected

[
  {
    "product": "Cloud Foundry",
    "vendor": "Pivotal",
    "versions": [
      {
        "status": "affected",
        "version": "Runtime cf-release versions v209 or earlier"
      },
      {
        "status": "affected",
        "version": "UAA Standalone versions 2.2.6 or earlier"
      },
      {
        "status": "affected",
        "version": "Runtime 1.4.5 or earlier"
      }
    ]
  }
]

8.6 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

Related for CVELIST:CVE-2015-3191