In RSA NetWitness (NW) Platform before 12.5.1, even when an administrator revokes the access of a specific user with an active session, an internal threat actor could impersonate the revoked user and gain unauthorized access to sensitive data.
https://community.netwitness.com/t5/netwitness-platform-online/tkb-p/netwitness-online-documentation