Vulnerabilities > Pivotal Software > Cloud Foundry Elastic Runtime > 1.4.5

DATE	CVE	VULNERABILITY TITLE	RISK
2017-05-25	CVE-2015-3189	Weak Password Recovery Mechanism for Forgotten Password vulnerability in multiple products With Cloud Foundry Runtime cf-release versions v208 or earlier, UAA Standalone versions 2.2.5 or earlier and Pivotal Cloud Foundry Runtime 1.4.5 or earlier, old Password Reset Links are not expired after the user changes their current email address to a new one. network high complexity pivotal-software cloudfoundry CWE-640	3.7
2017-05-02	CVE-2016-5006	Information Exposure vulnerability in Pivotal Software Cloud Foundry and Cloud Foundry Elastic Runtime The Cloud Controller in Cloud Foundry before 239 logs user-provided service objects at creation, which allows attackers to obtain sensitive user credential information via unspecified vectors. network low complexity pivotal-software CWE-200 critical	9.8
2016-09-18	CVE-2016-0896	7PK - Security Features vulnerability in Pivotal Software Cloud Foundry Elastic Runtime Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.6.34 and 1.7.x before 1.7.12 places 169.254.0.0/16 in the all_open Application Security Group, which might allow remote attackers to bypass intended network-connectivity restrictions by leveraging access to the 169.254.169.254 address. network low complexity pivotal-software CWE-254	7.3

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.