CVE-2015-5170 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2015-5170

CVE-2015-5170

Published:October 24, 2017

Updated:May 17, 2026

Cloud Foundry Runtime cf-release before 216, UAA before 2.5.2, and Pivotal Cloud Foundry (PCF) Elastic Runtime before 1.7.0 allow remote attackers to conduct cross-site request forgery (CSRF) attacks on PWS and log a user into an arbitrary account by leveraging lack of CSRF checks.

Related Resources (7)

https://github.com/cloudfoundry/uaa/commit/a54f3fb8225ef7d5021ca7d4fb52bef1e884568e

https://github.com/cloudfoundry/uaa

http://www.securityfocus.com/bid/101579

https://github.com/cloudfoundry/uaa/commit/41dba9d81dbdf24ede4fb9719de28b1b88b3e1b4

https://nvd.nist.gov/vuln/detail/CVE-2015-5170

https://pivotal.io/security/cve-2015-5170-5173

https://github.com/cloudfoundry/uaa/commit/bdb1a39a1e72f615f2e7a429a896a11e7ee5ec17

Do you need more information?

CVSS v4

Base Score:

8.7

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

HIGH

Vulnerable System Integrity

HIGH

Vulnerable System Availability

HIGH

Subsequent System Confidentiality

NONE

Subsequent System Integrity

NONE

Subsequent System Availability

NONE

CVSS v3

Base Score:

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Weakness Type (CWE)

Cross-Site Request Forgery (CSRF)

CWE-352

EPSS

Base Score:

0.31