Lucene search

[email protected]CVE-2015-2953

HistoryJun 13, 2015 - 3:59 p.m.

CVE-2015-2953

2015-06-1315:59:03

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-2953

igreks milkystep

access restrictions

remote attackers

file reading

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.9%

JSON

Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to bypass intended access restrictions and read files via unspecified vectors, a different vulnerability than CVE-2015-2952 and CVE-2015-2958.

Affected configurations

NVD

Node

igreksmilkystep_lightRange≤0.94

igreksmilkystep_professionalRange≤1.82

igreksmilkystep_professional_oemRange≤1.82

CPENameOperatorVersion
igreks:milkystep_lightigreks milkystep lightle0.94
igreks:milkystep_professionaligreks milkystep professionalle1.82
igreks:milkystep_professional_oemigreks milkystep professional oemle1.82

CPE	Name	Operator	Version
igreks:milkystep_light	igreks milkystep light	le	0.94
igreks:milkystep_professional	igreks milkystep professional	le	1.82
igreks:milkystep_professional_oem	igreks milkystep professional oem	le	1.82

References

jvn.jp/en/jp/JVN16409640/995646/index.html

jvn.jp/en/jp/JVN16409640/index.html

jvndb.jvn.jp/jvndb/JVNDB-2015-000078

www.securityfocus.com/bid/75073

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.9%

JSON

Related for CVE-2015-2953

cvelist3 prion3 nvd3 cve2 jvn3