CVE-2024-28058

Sažetak

In RSA NetWitness (NW) Platform before 12.5.1, even when an administrator revokes the access of a specific user with an active session, an internal threat actor could impersonate the revoked user and gain unauthorized access to sensitive data.

Reference

https://community.netwitness.com/t5/netwitness-platform-online/tkb-p/netwitness-online-documentation
https://community.netwitness.com/t5/netwitness-platform-product/nw-2024-06-netwitness-platform-broken-access-control/ta-p/719454

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

18-11-2024 - 17:11

Objavljeno

18-11-2024 - 15:15