What is CVE-2015-5173?

CVE-2015-5173 is a high-severity vulnerability in Cloudfoundry Cf-release, classified under Information Disclosure. CVSS score: 8.8/10. Published 2017-10-24.

How severe is CVE-2015-5173?

High severity. CVSS v3 base score is 8.8 out of 10.

Information disclosure in Cloudfoundry Cf-release

CVE-2015-5173

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact via vectors involving emails with password recovery links, aka "Cross Do…

Vulnerability class: Information Disclosure

EPSS: 0.004 (61.0th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Cloudfoundry Cf-release
Pivotal_software Cloud_foundry_elastic_runtime
Pivotal_software Cloud_foundry_uaa
N/a — versions n/a

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)

Frequently asked questions

What is CVE-2015-5173?: CVE-2015-5173 is a high-severity vulnerability in Cloudfoundry Cf-release, classified under Information Disclosure. CVSS score: 8.8/10. Published 2017-10-24.
How severe is CVE-2015-5173?: High severity. CVSS v3 base score is 8.8 out of 10.