CVE-2024-28058

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Nov 18, 2024
Updated: Nov 21, 2024
CWE ID 276

Summary

CVE-2024-28058 is a vulnerability affecting RSA NetWitness Platform versions prior to 12.5.1. This issue allows an internal threat actor to bypass user access revocations and gain unauthorized access to sensitive data, even after the targeted user's session has been terminated. Despite an administrator's attempts to restrict access, the impersonated user can continue to access and potentially manipulate sensitive information. This security lapse poses a significant risk to organizations using the RSA NetWitness Platform, emphasizing the importance of updating to the latest version to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • NetWitness

Affected Vendors

  • NetWitness Corp