# Security Updates on Vulnerabilities

## Cross-Site Request Forgery (CSRF) Attack on User Management Role Handling

This document will explain you about the Cross-Site Request Forgery (CSRF) attack. Attackers were able to add a role and change role privileges for users, from browsers, where an authenticated Endpoint Central user has logged on.

> **Update Released Build:** 91034  
> **Update Release Date:** Jun 3rd 2015

### What was the Problem?

If the attackers happened to gain access to a web browser, where an authenticated Endpoint Central user had previously logged on, then they were able to perform the "Cross-Site Request Forgery Attack" by adding and changing role privileges for Endpoint Central user accounts.

### How do I fix it?

This has been identified and fixed in Endpoint Central build **91034**. [Upgrade](https://www.manageengine.com/products/desktop-central/service-packs.html) to the latest build for this issue to be fixed.

**Keywords:** Security Updates, Vulnerabilities and Fixes, Adding and changing role privileges, CSRF

[Knowledge Base](https://www.manageengine.com/products/desktop-central/knowledge-base.html)