PT-2023-15388 · RSA · RSA NetWitness Platform

Hyp3Rlinx · Published 2023-03-24 · Updated 2024-04-11 · CVE-2022-47529

CVSS v3.1: 6.7 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

RSA NetWitness Platform versions prior to 12.2

Description

The issue allows local and admin Windows user accounts to modify the endpoint agent service configuration, either disabling it completely or running user-supplied code or commands. This bypasses tamper-protection features via ACL modification.

Recommendations

For versions prior to 12.2, update to version 12.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the endpoint agent service configuration to minimize the risk of exploitation.

Related Identifiers

CVE-2022-47529

Affected Products

RSA NetWitness Platform