An authenticated and authorized agent user could potentially gain administrative access via an SQLi vulnerability to Capsule8 Console between versions 4.6.0 and 4.9.1.
https://www.sophos.com/en-us/security-advisories/sophos-sa-20220201-cap8-console-sqli