Broken Access Control Vulnerability in RSA NetWitness Platform
CVE-2024-28058

Currently unrated

Key Information:

Vendor: RSA Security
Status: RSA NetWitness Platform
Vendor: CVE Published:; 18 November 2024

🔔 Create RSA Security Vulnerability Alert

What is CVE-2024-28058?

In RSA NetWitness Platform versions prior to 12.5.1, a serious flaw exists that enables an internal threat actor to circumvent access controls. Even after an administrator revokes a user's access, the system does not fully terminate the user's session, allowing unauthorized access to sensitive data. This vulnerability highlights the importance of robust session management and the need for constant vigilance in safeguarding user permissions.

References

https://community.netwitness.com/t5/netwitness-platform-o...

https://community.netwitness.com/t5/netwitness-platform-p...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2024