PT-2018-8454 · Center For Internet Security · Cis-Cat Pro Dashboard

Published

2018-01-31

Updated

2018-02-24

CVE-2017-8916

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions CIS-CAT Pro Dashboard versions prior to 1.0.4

Description The issue allows an authenticated user to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.

Recommendations For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-640

Related Identifiers

CVE-2017-8916

Affected Products

Cis-Cat Pro Dashboard

PT-2018-8454 · Center For Internet Security · Cis-Cat Pro Dashboard

CVE-2017-8916

Weakness Enumeration

Related Identifiers

Affected Products

References · 3