CSRF in Carbonblack Carbon_black
CVE-2014-1615
Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action…
Vulnerability class: CSRF (Cross-Site Request Forgery)
EPSS: 0.006 (44.8th percentile)
Affected products
- Carbonblack Carbon_black — versions 4.0.3, 4.1.0