Vulnerability Details CVE-2015-3189
With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. This vulnerability is applicable only when using the UAA internal user store for authentication. Deployments enabled for integration via SAML or LDAP are not affected.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.0%
CVSS Severity
CVSS v3 Score 3.7
CVSS v2 Score 4.3
Products affected by CVE-2015-3189
-
cpe:2.3:a:cloudfoundry:cf-release:100
-
cpe:2.3:a:cloudfoundry:cf-release:101
-
cpe:2.3:a:cloudfoundry:cf-release:102
-
cpe:2.3:a:cloudfoundry:cf-release:103
-
cpe:2.3:a:cloudfoundry:cf-release:104
-
cpe:2.3:a:cloudfoundry:cf-release:105
-
cpe:2.3:a:cloudfoundry:cf-release:106
-
cpe:2.3:a:cloudfoundry:cf-release:107
-
cpe:2.3:a:cloudfoundry:cf-release:108
-
cpe:2.3:a:cloudfoundry:cf-release:109
-
cpe:2.3:a:cloudfoundry:cf-release:110
-
cpe:2.3:a:cloudfoundry:cf-release:111
-
cpe:2.3:a:cloudfoundry:cf-release:112
-
cpe:2.3:a:cloudfoundry:cf-release:113
-
cpe:2.3:a:cloudfoundry:cf-release:114
-
cpe:2.3:a:cloudfoundry:cf-release:115
-
cpe:2.3:a:cloudfoundry:cf-release:116
-
cpe:2.3:a:cloudfoundry:cf-release:117
-
cpe:2.3:a:cloudfoundry:cf-release:118
-
cpe:2.3:a:cloudfoundry:cf-release:119
-
cpe:2.3:a:cloudfoundry:cf-release:120
-
cpe:2.3:a:cloudfoundry:cf-release:121
-
cpe:2.3:a:cloudfoundry:cf-release:122
-
cpe:2.3:a:cloudfoundry:cf-release:123
-
cpe:2.3:a:cloudfoundry:cf-release:124
-
cpe:2.3:a:cloudfoundry:cf-release:125
-
cpe:2.3:a:cloudfoundry:cf-release:126
-
cpe:2.3:a:cloudfoundry:cf-release:127
-
cpe:2.3:a:cloudfoundry:cf-release:128
-
cpe:2.3:a:cloudfoundry:cf-release:129
-
cpe:2.3:a:cloudfoundry:cf-release:130
-
cpe:2.3:a:cloudfoundry:cf-release:131
-
cpe:2.3:a:cloudfoundry:cf-release:132
-
cpe:2.3:a:cloudfoundry:cf-release:133
-
cpe:2.3:a:cloudfoundry:cf-release:134
-
cpe:2.3:a:cloudfoundry:cf-release:135
-
cpe:2.3:a:cloudfoundry:cf-release:136
-
cpe:2.3:a:cloudfoundry:cf-release:137
-
cpe:2.3:a:cloudfoundry:cf-release:138
-
cpe:2.3:a:cloudfoundry:cf-release:139
-
cpe:2.3:a:cloudfoundry:cf-release:140
-
cpe:2.3:a:cloudfoundry:cf-release:141
-
cpe:2.3:a:cloudfoundry:cf-release:142
-
cpe:2.3:a:cloudfoundry:cf-release:143
-
cpe:2.3:a:cloudfoundry:cf-release:144
-
cpe:2.3:a:cloudfoundry:cf-release:145
-
cpe:2.3:a:cloudfoundry:cf-release:146
-
cpe:2.3:a:cloudfoundry:cf-release:147
-
cpe:2.3:a:cloudfoundry:cf-release:148
-
cpe:2.3:a:cloudfoundry:cf-release:149
-
cpe:2.3:a:cloudfoundry:cf-release:150
-
cpe:2.3:a:cloudfoundry:cf-release:151
-
cpe:2.3:a:cloudfoundry:cf-release:152
-
cpe:2.3:a:cloudfoundry:cf-release:153
-
cpe:2.3:a:cloudfoundry:cf-release:154
-
cpe:2.3:a:cloudfoundry:cf-release:155
-
cpe:2.3:a:cloudfoundry:cf-release:156
-
cpe:2.3:a:cloudfoundry:cf-release:157
-
cpe:2.3:a:cloudfoundry:cf-release:158
-
cpe:2.3:a:cloudfoundry:cf-release:159
-
cpe:2.3:a:cloudfoundry:cf-release:160
-
cpe:2.3:a:cloudfoundry:cf-release:161
-
cpe:2.3:a:cloudfoundry:cf-release:162
-
cpe:2.3:a:cloudfoundry:cf-release:163
-
cpe:2.3:a:cloudfoundry:cf-release:164
-
cpe:2.3:a:cloudfoundry:cf-release:165
-
cpe:2.3:a:cloudfoundry:cf-release:166
-
cpe:2.3:a:cloudfoundry:cf-release:167
-
cpe:2.3:a:cloudfoundry:cf-release:168
-
cpe:2.3:a:cloudfoundry:cf-release:169
-
cpe:2.3:a:cloudfoundry:cf-release:170
-
cpe:2.3:a:cloudfoundry:cf-release:171
-
cpe:2.3:a:cloudfoundry:cf-release:172
-
cpe:2.3:a:cloudfoundry:cf-release:173
-
cpe:2.3:a:cloudfoundry:cf-release:174
-
cpe:2.3:a:cloudfoundry:cf-release:175
-
cpe:2.3:a:cloudfoundry:cf-release:176
-
cpe:2.3:a:cloudfoundry:cf-release:177
-
cpe:2.3:a:cloudfoundry:cf-release:178
-
cpe:2.3:a:cloudfoundry:cf-release:179
-
cpe:2.3:a:cloudfoundry:cf-release:180
-
cpe:2.3:a:cloudfoundry:cf-release:181
-
cpe:2.3:a:cloudfoundry:cf-release:182
-
cpe:2.3:a:cloudfoundry:cf-release:183
-
cpe:2.3:a:cloudfoundry:cf-release:184
-
cpe:2.3:a:cloudfoundry:cf-release:185
-
cpe:2.3:a:cloudfoundry:cf-release:186
-
cpe:2.3:a:cloudfoundry:cf-release:187
-
cpe:2.3:a:cloudfoundry:cf-release:188
-
cpe:2.3:a:cloudfoundry:cf-release:189
-
cpe:2.3:a:cloudfoundry:cf-release:190
-
cpe:2.3:a:cloudfoundry:cf-release:191
-
cpe:2.3:a:cloudfoundry:cf-release:192
-
cpe:2.3:a:cloudfoundry:cf-release:193
-
cpe:2.3:a:cloudfoundry:cf-release:194
-
cpe:2.3:a:cloudfoundry:cf-release:195
-
cpe:2.3:a:cloudfoundry:cf-release:196
-
cpe:2.3:a:cloudfoundry:cf-release:197
-
cpe:2.3:a:cloudfoundry:cf-release:198
-
cpe:2.3:a:cloudfoundry:cf-release:199
-
cpe:2.3:a:cloudfoundry:cf-release:200
-
cpe:2.3:a:cloudfoundry:cf-release:201
-
cpe:2.3:a:cloudfoundry:cf-release:202
-
cpe:2.3:a:cloudfoundry:cf-release:203
-
cpe:2.3:a:cloudfoundry:cf-release:204
-
cpe:2.3:a:cloudfoundry:cf-release:205
-
cpe:2.3:a:cloudfoundry:cf-release:206
-
cpe:2.3:a:cloudfoundry:cf-release:207
-
cpe:2.3:a:cloudfoundry:cf-release:208
-
cpe:2.3:a:cloudfoundry:cf-release:68
-
cpe:2.3:a:cloudfoundry:cf-release:69
-
cpe:2.3:a:cloudfoundry:cf-release:70
-
cpe:2.3:a:cloudfoundry:cf-release:71
-
cpe:2.3:a:cloudfoundry:cf-release:72
-
cpe:2.3:a:cloudfoundry:cf-release:73
-
cpe:2.3:a:cloudfoundry:cf-release:74
-
cpe:2.3:a:cloudfoundry:cf-release:75
-
cpe:2.3:a:cloudfoundry:cf-release:76
-
cpe:2.3:a:cloudfoundry:cf-release:77
-
cpe:2.3:a:cloudfoundry:cf-release:78
-
cpe:2.3:a:cloudfoundry:cf-release:79
-
cpe:2.3:a:cloudfoundry:cf-release:80
-
cpe:2.3:a:cloudfoundry:cf-release:81
-
cpe:2.3:a:cloudfoundry:cf-release:82
-
cpe:2.3:a:cloudfoundry:cf-release:83
-
cpe:2.3:a:cloudfoundry:cf-release:84
-
cpe:2.3:a:cloudfoundry:cf-release:85
-
cpe:2.3:a:cloudfoundry:cf-release:86
-
cpe:2.3:a:cloudfoundry:cf-release:87
-
cpe:2.3:a:cloudfoundry:cf-release:88
-
cpe:2.3:a:cloudfoundry:cf-release:89
-
cpe:2.3:a:cloudfoundry:cf-release:90
-
cpe:2.3:a:cloudfoundry:cf-release:91
-
cpe:2.3:a:cloudfoundry:cf-release:92
-
cpe:2.3:a:cloudfoundry:cf-release:93
-
cpe:2.3:a:cloudfoundry:cf-release:94
-
cpe:2.3:a:cloudfoundry:cf-release:95
-
cpe:2.3:a:cloudfoundry:cf-release:96
-
cpe:2.3:a:cloudfoundry:cf-release:97
-
cpe:2.3:a:cloudfoundry:cf-release:98
-
cpe:2.3:a:cloudfoundry:cf-release:99
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.4.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_elastic_runtime:1.4.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.0.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.0.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.0.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.0.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.1.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.1.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.10
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.11
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.2.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.2.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.2.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.2.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.2.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.2.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.2.6
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.3.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.3.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.4.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.4.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.4.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.4.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.4.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.4.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.4.6
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.4.7
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.5.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.5.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.5.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.5.2.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.5.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.5.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.5.4.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.6.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.6.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.6.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.6.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.6.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.6.5
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.7.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.7.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.7.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.8.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.8.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.8.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.8.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.9.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:1.9.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.0.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.0.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.0.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.0.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.1.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.0
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.2
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.3
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.4
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.4.1
-
cpe:2.3:a:pivotal_software:cloud_foundry_uaa:2.2.5