RSA NetWitness Endpoint EDR Agent 12.x Incorrect Access Control / Code Execution
Posted on 25 March 2023
RSA NetWitness Endpoint EDR Agent version 12.x suffers from incorrect access controls that allow for code execution. It allows local users to stop the Endpoint Windows agent from sending the events to a SIEM or make the agent run user-supplied commands.