# Security Updates on Vulnerabilities - CVE-2014-9331 - Cross-Site Request Forgery (CSRF) Attack - Endpoint Central Knowledge Base

## CVE-2014-9331 - "Cross-Site Request Forgery (CSRF) Attack"

This document explains the Cross-Site Request Forgery (CSRF) attack. Attackers were able to create administrator accounts from browsers where an authenticated Endpoint Central user had logged on.

> **Vulnerability ID:** CVE-2014-9331  
> **Update Released Build:** 90130  
> **Update Release Date:** Jan 30th 2015

### What was the Problem?

If attackers gained access to a web browser where an authenticated Endpoint Central user had previously logged on, they were able to perform a **Cross-Site Request Forgery (CSRF) attack** to create Endpoint Central administrator accounts.

### How do I fix it?

This issue has been identified and fixed in Endpoint Central build **90130**.

Upgrade to the latest build to resolve this issue:

[Upgrade](https://www.manageengine.com/products/desktop-central/service-packs.html)

**Keywords:** Security Updates, Vulnerabilities and Fixes, Administrator account creation, CVE-2014-9331, CSRF

[Knowledge Base](https://www.manageengine.com/products/desktop-central/knowledge-base.html)