In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user’s e-mail address and send a forgot password email to themselves, thereby gaining administrative access.
CPE Name | Operator | Version |
---|---|---|
cis-cat_pro_dashboard | eq | 1.0.0 |
cis-cat_pro_dashboard | eq | 1.0.1 |
cis-cat_pro_dashboard | eq | 1.0.2 |
cis-cat_pro_dashboard | eq | 1.0.3 |