Vulnerabilities > Cloudfoundry > CF Release > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-10-24 | CVE-2015-5172 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire password reset links. | 7.5 |
| 2017-10-24 | CVE-2015-5171 | Insufficient Session Expiration vulnerability in multiple products The password change functionality in Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow attackers to have unspecified impact by leveraging failure to expire existing sessions. | 7.5 |
| 2017-06-13 | CVE-2017-4992 | Improper Privilege Management vulnerability in multiple products An issue was discovered in Cloud Foundry Foundation cf-release versions prior to v261; UAA release 2.x versions prior to v2.7.4.17, 3.6.x versions prior to v3.6.11, 3.9.x versions prior to v3.9.13, and other versions prior to v4.2.0; and UAA bosh release (uaa-release) 13.x versions prior to v13.15, 24.x versions prior to v24.10, 30.x versions prior to 30.3, and other versions prior to v37. | 7.5 |
| 2017-06-13 | CVE-2016-8218 | Improper Input Validation vulnerability in Cloudfoundry Cf-Release and Routing-Release An issue was discovered in Cloud Foundry Foundation routing-release versions prior to 0.142.0 and cf-release versions 203 to 231. | 7.5 |
| 2017-06-13 | CVE-2016-6655 | Command Injection vulnerability in Cloudfoundry Cf-Mysql-Release and Cf-Release An issue was discovered in Cloud Foundry Foundation Cloud Foundry release versions prior to v245 and cf-mysql-release versions prior to v31. | 7.5 |