Cloud Foundry User Account and Authentication Server is vulnerable to Information Disclosure. The vulnerability exists because the UAA does not reject a refresh token during a refresh token grant which allows an attacker to gain access to resources until the token expires.