# CVE-2014-9331 - "Cross-Site Request Forgery (CSRF) Attack"

This document will explain you about the Cross-Site Request Forgery (CSRF) attack. Attackers were able to create administrator accounts, from browsers, where an authenticated Endpoint Central MSP user has logged on.

**Vulnerability ID:** CVE-2014-9331  
**Update Released Build:** 90130  
**Update Release Date:** Jan 30th 2015

## What was the Problem?

If the attackers happen to gain access to a web browser, where an authenticated Endpoint Central MSP user has previously logged on, then they were able to perform the "Cross-Site Request Forgery Attack" in order to create Endpoint Central administrator accounts.

## How do I fix it?

This has been identified and fixed in the Endpoint Central MSP build **90130**. [Upgrade](https://www.manageengine.com/desktop-management-msp/service-packs.html) to the latest build for this issue to be fixed.

**Keywords:** Security Updates, Vulnerabilities and Fixes, Adminitstrator account creation, CVE-2014-9331, CSRF