CVE-2015-5172: Cloud Foundry Runtime has Weak Password Recovery Mechanism for Forgotten Password

Severity: Critical

CVSS Score: 9.8

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links.