Open Redirect in Cloudfoundry Cf-release

CVE-2015-3190

In Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier, and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, the UAA logout link is susceptible to an open redirect which allows an attacker to…

Vulnerability class: Open Redirect

EPSS: 0.002 (41.5th percentile).

CVSS v3 metric

CVSS v3 base score 6.1 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N.

Frequently asked questions

What is CVE-2015-3190?

CVE-2015-3190 is a medium-severity vulnerability in Cloudfoundry Cf-release, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 6.1/10. Published 2017-05-25.

How severe is CVE-2015-3190?

Medium severity. CVSS v3 base score is 6.1 out of 10.