On Windows only, with a specially crafted configuration file an attacker could get pxp-agent to load arbitrary code with privilege escalation.
External References:
https://puppet.com/security/cve/CVE-2018-6515
Statement:
This issue did not affect the versions of puppet-agent as shipped with Red Hat Satellite 6 as this issue is specific to Windows platform only.