CVE-2015-2952

Igreks MilkyStep Light <0.94 & Pro <1.82 - Auth Bypass

Title source: llm
STIX 2.1

Description

The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/75184
Vendor Advisory third-party-advisory x_refsource_jvndb
http://jvndb.jvn.jp/jvndb/JVNDB-2015-000077
Third Party Advisory x_refsource_confirm
http://jvn.jp/en/jp/JVN19732015/995646/index.html
Vendor Advisory third-party-advisory x_refsource_jvn
http://jvn.jp/en/jp/JVN19732015/index.html

Scores

EPSS 0.0120
EPSS Percentile 64.4%

Details

CWE
CWE-284
Status published
Products (3)
igreks/milkystep_light < 0.94
igreks/milkystep_professional < 1.82
igreks/milkystep_professional_oem < 1.82
Published Jun 13, 2015
Tracked Since Feb 18, 2026