CB Response: Is the Product Susceptible to CVE-2019-17495's Swagger UI Exploit?
Article ID: 287568
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Is CB Response susceptible to the Swagger UI exploit in CVE-2019-17495?
Environment
- CB Response Server: 6.x and below
- Swagger UI: 3.23.10 and below
Resolution
CB Response Server does not utilize the Swagger UI option by default.
Additional Information
- The Swagger UI function is hidden and turned off by default.
- The CB Response Server 7.0 release will include a newer version of Swagger UI that has the security update applied.