Lucene search
JpcertCVE-2015-2954HistoryJun 13, 2015 - 2:59 p.m.
CVE-2015-2954
2015-06-1314:59:05
CWE-352
jpcert
web.nvd.nist.gov
30
cve
2015
2954
csrf
vulnerability
igreks
milkystep light
professional
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.002
Percentile
52.3%
Cross-site request forgery (CSRF) vulnerability in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote attackers to hijack the authentication of arbitrary users.
Affected configurations
Node
igreksmilkystep_lightRange≤0.94
ORigreksmilkystep_professionalRange≤1.82
ORigreksmilkystep_professional_oemRange≤1.82
| Vendor | Product | Version | CPE |
|---|---|---|---|
| igreks | milkystep_light | * | cpe:2.3:a:igreks:milkystep_light:*:*:*:*:*:*:*:* |
| igreks | milkystep_professional | * | cpe:2.3:a:igreks:milkystep_professional:*:*:*:*:*:*:*:* |
| igreks | milkystep_professional_oem | * | cpe:2.3:a:igreks:milkystep_professional_oem:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2015-2954
2015-06-13 14:00:00
jvn
jvn
JVN#12241436: MilkyStep vulnerable to cross-site request forgery
2015-06-09 00:00:00
prion
prion
Cross site request forgery (csrf)
2015-06-13 14:59:00
nvd
nvd
CVE-2015-2954
2015-06-13 14:59:05
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.4
Confidence
Low
EPSS
0.002
Percentile
52.3%
Related for CVE-2015-2954