Security concern in System Agent: an RPATH of “.” allows an attacker to inject code if the working directory is writable by all.
Go to the Agent directory and list the ELF binaries whose RPATH contains a ".":
$ for i in *; do file "$i" | grep -q ELF && readelf -d "$i" | grep -q "RPATH.*\." && echo "$i"; done
ESPmgr.bin
as_c_bind
as_c_bind64
chkusr
cybAgent.bin
cybMFCommand
filewatcher
12.1SP1 Agent
By definition, the RPATH "." vulnerability allows an attacker to control a program by placing a malicious library in the current working directory, where they have write access, and then executing the program from there.
Let's say someone placed a malicious library in /tmp.
Then they started the Agent from /tmp as below:
/xxx/xx/xxxxxx/SystemAgent/WA_AGENT/cybAgent -a
The cybAgent script changes directory to /xxx/xx/xxxxxx/SystemAgent/WA_AGENT as part of its startup, so the malicious library in /tmp is ignored.
cybAgent.bin, cybspawn.bin and all other Agent binaries are also executed the same way.
The Agent home directory (/xxx/xx/xxxxxx/SystemAgent/WA_AGENT) is only writable by root and the optional owner assigned during installation (e.g., autosys).
Therefore, this attack is only possible if a malicious user gains access to the system as the root or autosys account.
The RPATH option is present in the Agent binaries.
The RPATH option in the Agent binaries is fixed in the upcoming Agent release v24.2.
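To confirm the state of the binaries before and after an upgrade, the following is an added example (not Broadcom's or the Agent's own code) of a stricter audit than the `grep "RPATH.*\."` check above, which matches any dot after the tag and does not look at RUNPATH. It assumes `readelf` is installed; the function names and the sample `readelf -d` output are constructed for illustration.

```python
import os
import re
import subprocess

# Matches the DT_RPATH / DT_RUNPATH lines printed by `readelf -d`.
_TAG = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

def search_path_entries(readelf_output):
    """Return [(tag, entry), ...] for every RPATH/RUNPATH entry."""
    found = []
    for line in readelf_output.splitlines():
        m = _TAG.search(line)
        if m:
            found += [(m.group(1), e) for e in m.group(2).split(":")]
    return found

def is_cwd_relative(entry):
    """True if the entry is not anchored to an absolute path or to $ORIGIN."""
    if entry.startswith("/"):
        return False
    # $ORIGIN expands to the directory holding the binary, not the working
    # directory. Empty entries fall through and are reported conservatively.
    return not re.match(r"\$(ORIGIN|\{ORIGIN\})(/|$)", entry)

def risky_entries(readelf_output):
    return [(t, e) for t, e in search_path_entries(readelf_output) if is_cwd_relative(e)]

def audit_directory(directory):
    """Run readelf on each regular file; non-ELF files produce no matches."""
    report = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        out = subprocess.run(["readelf", "-d", path], capture_output=True, text=True).stdout
        hits = risky_entries(out)
        if hits:
            report[name] = hits
    return report

# Constructed sample of `readelf -d` output (not taken from an Agent binary).
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [.:/opt/example/lib.v2:lib]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib::/usr/lib]
"""

if __name__ == "__main__":
    import sys
    for name, hits in audit_directory(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(name, hits)
```

Run it with the Agent directory as the only argument; an empty result means no binary there carries a working-directory-relative search path.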