2018-01-31 16:00:00
mitre
PUBLISHED
In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative users e-mail address and send a forgot password email to themselves, thereby gaining administrative access.