cpe:/a:cisecurity:cis-cat_pro_dashboard:1.0.0 cpe:/a:cisecurity:cis-cat_pro_dashboard:1.0.1 cpe:/a:cisecurity:cis-cat_pro_dashboard:1.0.2 cpe:/a:cisecurity:cis-cat_pro_dashboard:1.0.3 CVE-2017-8916 2018-01-31T11:29:00.210-05:00 2018-02-24T16:37:05.930-05:00 4.6 LOCAL LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2018-02-22T10:28:10.663-05:00 CONFIRM https://www.cisecurity.org/cis-security-updates/incorrect-access-control-cve-2017-8916/ In Center for Internet Security CIS-CAT Pro Dashboard before 1.0.4, an authenticated user is able to change an administrative user's e-mail address and send a forgot password email to themselves, thereby gaining administrative access.