CVE-2017-8916
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user’s e-mail address and send a forgot password email to themselves, thereby gaining administrative access.
Date published : 2018-01-31
https://www.cisecurity.org/cis-security-updates/incorrect-access-control-cve-2017-8916/