In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-01-31T16:00:00
Updated: 2024-08-05T16:48:22.887Z
Reserved: 2017-05-12T00:00:00
Link: CVE-2017-8916
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-01-31T16:29:00.210
Modified: 2018-02-24T21:37:05.930
Link: CVE-2017-8916
Redhat
No data.