CVSS: 6.7EPSS: 0%CPEs: 1EXPL: 5CVE-2022-47529 – RSA NetWitness Platform 12.2 - Incorrect Access Control / Code Execution
https://notcve.org/view.php?id=CVE-2022-47529
Insecure Win32 memory objects in Endpoint Windows Agents in RSA NetWitness Platform before 12.2 allow local and admin Windows user accounts to modify the endpoint agent service configuration: to either disable it completely or run user-supplied code or commands, thereby bypassing tamper-protection features via ACL modification. RSA NetWitness Endpoint EDR Agent version 12.x suffers from incorrect access controls that allow for code execution. It allows local users to stop the Endpoint Windows agent from sending the events to a SIEM or make the agent run user-supplied commands. • https://www.exploit-db.com/exploits/51336 https://github.com/hyp3rlinx/CVE-2022-47529 http://seclists.org/fulldisclosure/2023/Mar/26 http://seclists.org/fulldisclosure/2024/Apr/17 https://community.netwitness.com/t5/netwitness-platform-security/nw-2023-04-netwitness-platform-security-advisory-cve-2022-47529/ta-p/696935 https://hyp3rlinx.altervista.org/advisories/RSA_NETWITNESS_EDR_AGENT_INCORRECT_ACCESS_CONTROL_CVE-2022-47529.txt https://packetstormsecurity.com/files/171476/RSA-NetWitness-Endpoint-EDR-Agent •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2019-3725 – Command Injection vulnerability
https://notcve.org/view.php?id=CVE-2019-3725
RSA Netwitness Platform versions prior to 11.2.1.1 and RSA Security Analytics versions prior to 10.6.6.1 are vulnerable to a Command Injection vulnerability due to missing input validation in the product. A remote unauthenticated malicious user could exploit this vulnerability to execute arbitrary commands on the server. Las versiones de RSA Netwitness Platform anteriores a la versión 11.2.1.1 y las de RSA Security Analytics anteriores a 10.6.6.1 son vulnerables a la Inyección de comandos debido a la falta de comprobación de entrada en el producto. Un usuario malicioso remoto no identificado podría explotar esta vulnerabilidad para ejecutar comandos arbitrarios en el servidor. • http://www.securityfocus.com/bid/108355 https://community.rsa.com/docs/DOC-104202 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •