Netwrix Directory Manager
by Netwrix
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-54395 | 0.00 | — | 0.00 | Aug 7, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data. | |||
| CVE-2025-54392 | 0.00 | — | 0.00 | Aug 7, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189. | |||
| CVE-2025-54393 | 0.00 | — | 0.00 | Aug 7, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access. | |||
| CVE-2025-54396 | 0.00 | — | 0.00 | Aug 7, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this. | |||
| CVE-2025-54394 | 0.00 | — | 0.00 | Aug 7, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources. | |||
| CVE-2025-54397 | 0.00 | — | 0.00 | Aug 7, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users. | |||
| CVE-2025-48748 | 0.00 | — | 0.00 | May 29, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password. | |||
| CVE-2025-48749 | 0.00 | — | 0.00 | May 28, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data. | |||
| CVE-2025-48746 | 0.00 | — | 0.00 | May 28, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function. | |||
| CVE-2025-47748 | 0.00 | — | 0.00 | May 28, 2025 | Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password. | |||
| CVE-2025-48747 | 0.00 | — | 0.00 | May 28, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource. |
- CVE-2025-54395Aug 7, 2025risk 0.00cvss —epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data.
- CVE-2025-54392Aug 7, 2025risk 0.00cvss —epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189.
- CVE-2025-54393Aug 7, 2025risk 0.00cvss —epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access.
- CVE-2025-54396Aug 7, 2025risk 0.00cvss —epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this.
- CVE-2025-54394Aug 7, 2025risk 0.00cvss —epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources.
- CVE-2025-54397Aug 7, 2025risk 0.00cvss —epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users.
- CVE-2025-48748May 29, 2025risk 0.00cvss —epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.
- CVE-2025-48749May 28, 2025risk 0.00cvss —epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data.
- CVE-2025-48746May 28, 2025risk 0.00cvss —epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function.
- CVE-2025-47748May 28, 2025risk 0.00cvss —epss 0.00
Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password.
- CVE-2025-48747May 28, 2025risk 0.00cvss —epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource.