CVE-2014-1615

Name of the Vulnerable Software and Affected Versions Carbon Black versions prior to 4.1.0

Description The issue allows remote attackers to hijack the authentication of administrators for requests that add new administrative users. This can be achieved through a request to "api/user", demonstrating a cross-site request forgery (CSRF) vulnerability.

Recommendations For versions prior to 4.1.0, update to version 4.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the "api/user" endpoint to minimize the risk of exploitation.