This document will explain you about the Cross-Site Request Forgery (CSRF) attack. Attackers were able to add a role and change role privileges for users, from browsers, where an authenticated Endpoint Central user has logged on.
If the attackers happened to gain access to a web browser, where an authenticated Endpoint Central user had previously logged on, then they were able to perform the "Cross-Site Request Forgery Attack" by adding and changing role privileges for Endpoint Central user accounts.
This has been identified and fixed, in the Endpoint Central MSP build # 91034. Upgrade to the latest build for this issue to be fixed.
Keywords: Security Updates, Vulnerabilities and Fixes, Adding and changing role privileges, CSRF