CVE-2015-3190

Summary

With Cloud Foundry Runtime cf-release versions v209 or earlier, UAA Standalone versions 2.2.6 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier the UAA logout link is susceptible to an open redirect which allows an attacker to insert malicious web page as a redirect parameter.

Affected Software

VendorProductVersion RangeStatus
PivotalCloud FoundryRuntime cf-release versions v209 or earlieraffected
PivotalCloud FoundryUAA Standalone versions 2.2.6 or earlieraffected
PivotalCloud FoundryRuntime 1.4.5 or earlieraffected

Weaknesses

  • Open redirect

ADP Enrichment

CVE Program Container

Additional References

References