Описание
The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958.
Ссылки
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.94 (включая)Версия до 1.82 (включая)Версия до 1.82 (включая)
Одно из
cpe:2.3:a:igreks:milkystep_light:*:*:*:*:*:*:*:*
cpe:2.3:a:igreks:milkystep_professional:*:*:*:*:*:*:*:*
cpe:2.3:a:igreks:milkystep_professional_oem:*:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00224
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-284
Связанные уязвимости
github
больше 3 лет назад
The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958.
EPSS
Процентиль: 45%
0.00224
Низкий
6.5 Medium
CVSS2
Дефекты
CWE-284