CVE-2015-2952
Last modified
CVE-2015-2952 is a vulnerability of currently unknown severity. The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958.. EPSS estimates a 1.20% chance of exploitation in the next 30 days.
Description
The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Igreks | Milkystep Light | <= 0.94 |
| Igreks | Milkystep Professional | <= 1.82 |
| Igreks | Milkystep Professional Oem | <= 1.82 |
References
- http://jvn.jp/en/jp/JVN19732015/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000077Vendor Advisory
- http://jvn.jp/en/jp/JVN19732015/index.htmlVendor Advisory
- http://jvndb.jvn.jp/jvndb/JVNDB-2015-000077Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-2952?
How severe is CVE-2015-2952?
How do I fix CVE-2015-2952?
Are you affected by CVE-2015-2952?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST