2 matches found
CVE-2017-8916
In CIS-CAT Pro Dashboard, prior to version 1.0.4, an authenticated user can change an administrator’s email address and trigger a password-recovery email to themselves, thereby gaining administrative access. This is described in CVE-2017-8916 and corroborated by CNVD/CNVD-2018-05227 and other sou...
CVE-2017-8916
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access...