CVE-2015-2952

The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
jpcertCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
VendorProductVersion
igreksmilkystep_light
𝑥
≤ 0.94
igreksmilkystep_professional
𝑥
≤ 1.82
igreksmilkystep_professional_oem
𝑥
≤ 1.82
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://jvn.jp/en/jp/JVN19732015/995646/index.html
http://jvn.jp/en/jp/JVN19732015/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000077
http://www.securityfocus.com/bid/75184
http://jvn.jp/en/jp/JVN19732015/995646/index.html
http://jvn.jp/en/jp/JVN19732015/index.html
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000077
http://www.securityfocus.com/bid/75184