carbonblack 関連製品全体の CVE とセキュリティ脆弱性情報を集約し、CVSS、EPSS、公開日、脆弱性情報データを掲載しています。
過去の問題は主に vendor risk csrf and vendor risk memory corruption などに関し、一部は vendor impact memory corruption を招き、vendor surface production workloads and vendor surface software deployment 関連の場面に影響します。
掲載データは公開脆弱性情報とセキュリティ公告に基づき、過去の暴露面と修補優先度の評価に利用できます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2018-10407 | An issue was discovered in Carbon Black Cb Response. A maliciously crafted Universal/fat binary can evade third-party code signing checks. By not completing full inspection of the Universal/fat binary, the user of the third-party tool will believe that the code is signed by Apple, but the malicious unsigned code will execute. | [email protected] | 5.5 | 0.44% | 2018-06-13 | 2026-06-16 |
| CVE-2016-9568 | A security design issue can allow an unprivileged user to interact with the Carbon Black Sensor and perform unauthorized actions. | [email protected] | 9.8 | 1.77% | 2018-02-19 | 2026-06-16 |
| CVE-2016-9570 | cb.exe in Carbon Black 5.1.1.60603 allows attackers to cause a denial of service (out-of-bounds read, invalid pointer dereference, and application crash) by leveraging access to the NetMon named pipe. | [email protected] | 7.5 | 1.05% | 2018-02-12 | 2026-06-16 |
| CVE-2016-9569 | The cbstream.sys driver in Carbon Black 5.1.1.60603 allows local users with admin privileges to cause a denial of service (out-of-bounds read and system crash) via a large counter value in an 0x62430028 IOCTL call. | [email protected] | 4.4 | 0.28% | 2018-02-12 | 2026-06-16 |
| CVE-2014-1615 | Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative users and have other unspecified action, as demonstrated by a request to api/user. | [email protected] | 6.8 | 0.61% | 2014-04-22 | 2026-06-16 |