NuytsTech Security

CVE-2017-8916

by ·

In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user’s e-mail address and send a forgot password email to themselves, thereby gaining administrative access.

Date published : 2018-01-31

https://www.cisecurity.org/cis-security-updates/incorrect-access-control-cve-2017-8916/

Tags: