CVE-2024-28058 Information

Description

In RSA NetWitness (NW) Platform before 12.5.1 even when an administrator revokes the access of a specific user with an active session an internal threat actor could impersonate the revoked user and gain unauthorized access to sensitive data.

Reference

https://community.netwitness.com/t5/netwitness-platform-online/tkb-p/netwitness-online-documentation https://community.netwitness.com/t5/netwitness-platform-product/nw-2024-06-netwitness-platform-broken-access-control/ta-p/719454