{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-06-09T00:00:00", "descriptions": [{"lang": "en", "value": "The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-01T15:57:02", "orgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "shortName": "jpcert"}, "references": [{"name": "75184", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/75184"}, {"name": "JVNDB-2015-000077", "tags": ["third-party-advisory", "x_refsource_JVNDB"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000077"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://jvn.jp/en/jp/JVN19732015/995646/index.html"}, {"name": "JVN#19732015", "tags": ["third-party-advisory", "x_refsource_JVN"], "url": "http://jvn.jp/en/jp/JVN19732015/index.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "vultures@jpcert.or.jp", "ID": "CVE-2015-2952", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "75184", "refsource": "BID", "url": "http://www.securityfocus.com/bid/75184"}, {"name": "JVNDB-2015-000077", "refsource": "JVNDB", "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000077"}, {"name": "http://jvn.jp/en/jp/JVN19732015/995646/index.html", "refsource": "CONFIRM", "url": "http://jvn.jp/en/jp/JVN19732015/995646/index.html"}, {"name": "JVN#19732015", "refsource": "JVN", "url": "http://jvn.jp/en/jp/JVN19732015/index.html"}]}}}}, "cveMetadata": {"assignerOrgId": "ede6fdc4-6654-4307-a26d-3331c018e2ce", "assignerShortName": "jpcert", "cveId": "CVE-2015-2952", "datePublished": "2015-06-13T15:00:00", "dateReserved": "2015-04-07T00:00:00", "dateUpdated": "2016-12-01T15:57:02", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:igreks:milkystep_light:*:*:*:*:*:*:*:*", "matchCriteriaId": "717E9862-9C1D-4D2B-AC6A-D3068D198C03", "versionEndIncluding": "0.94", "vulnerable": true}, {"criteria": "cpe:2.3:a:igreks:milkystep_professional:*:*:*:*:*:*:*:*", "matchCriteriaId": "9BBF034A-902C-4569-BD76-4DF404FB0107", "versionEndIncluding": "1.82", "vulnerable": true}, {"criteria": "cpe:2.3:a:igreks:milkystep_professional_oem:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA50F9BC-6DD9-4A69-9FBE-5F5B4E4B71DD", "versionEndIncluding": "1.82", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The user-information management functionality in Igreks MilkyStep Light 0.94 and earlier and Professional 1.82 and earlier allows remote authenticated users to bypass intended access restrictions and modify administrative credentials via unspecified vectors, a different vulnerability than CVE-2015-2953 and CVE-2015-2958."}, {"lang": "es", "value": "La funcionalidad de la gesti\u00f3n de informaci\u00f3n del usuario en Igreks MilkyStep Light 0.94 y anteriores y Professional 1.82 y anteriores permite a usuarios remotos autenticados evadir las restricciones de acceso y modificar las credenciales administrativas a trav\u00e9s de vectores no especificados, una vulnerabilidad diferente a CVE-2015-2953 y CVE-2015-2958."}], "id": "CVE-2015-2952", "lastModified": "2016-12-03T03:07:22.657", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-06-13T15:59:02.497", "references": [{"source": "vultures@jpcert.or.jp", "url": "http://jvn.jp/en/jp/JVN19732015/995646/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "http://jvn.jp/en/jp/JVN19732015/index.html"}, {"source": "vultures@jpcert.or.jp", "tags": ["Vendor Advisory"], "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2015-000077"}, {"source": "vultures@jpcert.or.jp", "url": "http://www.securityfocus.com/bid/75184"}], "sourceIdentifier": "vultures@jpcert.or.jp", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}