Vulnerability in Cloudfoundry Cf-release
CVE-2015-3189
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current emai…
EPSS: 0.002 (39.1th percentile).
CVSS v3 metric
CVSS v3 base score 3.7 (Low). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Cloudfoundry Cf-release
- Pivotal Cloud Foundry — versions Runtime 1.4.5 or earlier, UAA Standalone versions 2.2.5 or earlier, Runtime cf-release versions v208 or earlier
- Pivotal_software Cloud_foundry_elastic_runtime
- Pivotal_software Cloud_foundry_uaa
Weakness classification (CWE)
References
- security_alert@emc.com (x_refsource_CONFIRM, Vendor Advisory)
Frequently asked questions
- What is CVE-2015-3189?
- CVE-2015-3189 is a low-severity vulnerability in Cloudfoundry Cf-release, classified under Weak Password Recovery Mechanism for Forgotten Password. CVSS score: 3.7/10. Published 2017-05-25.
- How severe is CVE-2015-3189?
- Low severity. CVSS v3 base score is 3.7 out of 10.