PT-2024-22241 · Rsa · Rsa Netwitness Platform
Published: 2024-11-18 · Updated: 2024-11-18
CVE-2024-28058
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
RSA NetWitness Platform versions prior to 12.5.1
Description
The issue allows an internal threat actor to impersonate a revoked user and gain unauthorized access to sensitive data even after an administrator has revoked that user's access. This can lead to elevated access remotely.
Recommendations
For versions prior to 12.5.1, upgrade to version 12.5.1 or later to mitigate the risk of unauthorized access.
Fix
Incorrect Default Permissions
Weakness Enumeration
Related Identifiers
Affected Products
Rsa Netwitness Platform