Lucene search
HistoryJun 13, 2015 - 3:59 p.m.
CVE-2015-2952
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.1
Confidence
Low
EPSS
0.005
Percentile
76.9%
The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958.
Affected configurations
Node
igreksmilkystep_lightRange≤0.94
ORigreksmilkystep_professionalRange≤1.82
ORigreksmilkystep_professional_oemRange≤1.82
| Vendor | Product | Version | CPE |
|---|---|---|---|
| igreks | milkystep_light | * | cpe:2.3:a:igreks:milkystep_light:*:*:*:*:*:*:*:* |
| igreks | milkystep_professional | * | cpe:2.3:a:igreks:milkystep_professional:*:*:*:*:*:*:*:* |
| igreks | milkystep_professional_oem | * | cpe:2.3:a:igreks:milkystep_professional_oem:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
nvd
nvd
CVE-2015-2953
2015-06-13 15:59:03
CVE-2015-2958
2015-06-13 15:59:04
cve
cve
prion
prion
Design/Logic Flaw
2015-06-13 15:59:00
Design/Logic Flaw
2015-06-13 15:59:00
Design/Logic Flaw
2015-06-13 15:59:00
jvn
jvn
JVN#74280258: MilkyStep fails to restrict access permissions
2015-06-09 00:00:00
JVN#16409640: MilkyStep fails to restrict access permissions
2015-06-09 00:00:00
JVN#19732015: MilkyStep fails to restrict access permissions
2015-06-12 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
6.1
Confidence
Low
EPSS
0.005
Percentile
76.9%
Related for NVD:CVE-2015-2952