MEDIUM✓ PATCH🇬🇧 English

CVE-2022-47529

CVSS 6.7v3.1pub. 2023-03-28upd. 2024-11-21

Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification.

oryginał EN
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
  • Rsa Netwitness

    APP
    Rsa
    < 12.2
🟢
PATCH DOSTĘPNY
Aktualizacja od producenta gotowa. Wdrożenie w ramach standardowego cyklu.
CWE
Referencje

Powiązane podatności

CVE-2019-3725CRITICAL9.8ten sam produkt

RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are v...

CVE-2024-47856CRITICAL9.8PL ✓ten sam vendor

RSA Authentication Agent – podatność path interception (unquoted service path)

CVE-2022-30584CRITICAL9.6ten sam vendor

Archer Platform 6.3 before 6.11 (6.11.0.0) contains an Improper Access Control Vulnerability within SSO ADFS f...

CVE-2019-3758CRITICAL9.8ten sam vendor

RSA Archer, versions prior to 6.6 P2 (6.6.0.2), contain an improper authentication vulnerability. The vulnerab...

CVE-2017-14377CRITICAL9.8ten sam vendor

EMC RSA Authentication Agent for Web: Apache Web Server version 8.0 and RSA Authentication Agent for Web: Apac...