MEDIUM🇬🇧 English

CVE-2014-1615

CVSS 6.8v2.0pub. 2014-04-22upd. 2026-05-06

Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user.

oryginał EN
CVSS Vector
AV:N/AC:M/Au:N/C:P/I:P/A:P
  • Carbonblack Carbon Black

    APP
    Carbonblack
    4.0.34.1.0≤ 4.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2016-9568CRITICAL9.8ten sam produkt

A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform un...

CVE-2016-9570HIGH7.5ten sam produkt

cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid ...

CVE-2016-9569MEDIUM4.4ten sam produkt

The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users with admin privileges to cause a denial...

CVE-2018-10407MEDIUM5.5ten sam vendor

An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade thir...