Carbon Black Cross-Site Request Forgery (CSRF)

Dell SecureWorks Security Advisory SWRX-2014-007

Advisory Information

  • Title: Carbon Black Cross-Site Request Forgery (CSRF)
  • Advisory ID: SWRX-2014-007
  • Date published: Tuesday, April 1, 2014
  • CVE: CVE-2014-1615
  • CVSS v2 base score: 5.1
  • Date of last update: Tuesday, April 1, 2014
  • Vendors contacted: Carbon Black
  • Release mode: Coordinated
  • Discovered by: Dana James Traversie, Dell SecureWorks


Carbon Black is an endpoint security solution that provides administrative functionality and other features via a dedicated web application. Multiple vulnerabilities in the Carbon Black web application could allow an unauthenticated remote attacker to conduct cross-site request forgery (CSRF) attacks. These vulnerabilities are due to insufficient or missing CSRF protections. An attacker could exploit these vulnerabilities by persuading a user to follow a malicious link or visit an attacker-controlled website.

Dell SecureWorks researchers created a proof of concept video to illustrate the vulnerability, the exploit, and its outcome.

Download the PDF: SWRX-2014-007

PGP Signature

Back to more Threat Analyses and Advisories

Talk with an Expert

Thank you for submitting the form! We have received your request. A Secureworks team member will contact you within one business day.