CB Response: Is the Product Susceptible to CVE-2019-17495's Swagger UI Exploit?

Article ID: 287568

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Is CB Response susceptible to the Swagger UI exploit in CVE-2019-17495?

Environment

  • CB Response Server: 6.x and Below
  • Swagger UI: 3.23.10 and Below

Resolution

CB Response Server does not utilize the Swagger UI option by default.

Additional Information

  • The Swagger UI function is hidden and turned off by default.
  • CB Response 7.0 Server Release will include a newer version of Swagger UI with the applied security update.