Netwrix Directory Manager
by Netwrix
CVEs (12)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-48748 | Cri | 0.65 | 10.0 | 0.00 | May 29, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password. | ||
| CVE-2025-48749 | Cri | 0.59 | 9.1 | 0.00 | May 28, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data. | ||
| CVE-2025-48746 | Med | 0.42 | 6.5 | 0.00 | May 28, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function. | ||
| CVE-2025-54395 | Med | 0.40 | 6.1 | 0.00 | Aug 7, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data. | ||
| CVE-2025-54392 | Med | 0.40 | 6.1 | 0.00 | Aug 7, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189. | ||
| CVE-2025-47189 | Med | 0.40 | 6.1 | 0.00 | Jul 17, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data of certain user flows, a different vulnerability than CVE-2025-54392. | ||
| CVE-2025-54396 | Med | 0.35 | 5.4 | 0.00 | Aug 7, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this. | ||
| CVE-2025-54393 | Med | 0.35 | 5.4 | 0.00 | Aug 7, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access. | ||
| CVE-2025-54394 | Med | 0.34 | 5.3 | 0.00 | Aug 7, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources. | ||
| CVE-2025-47748 | Med | 0.34 | 5.3 | 0.00 | May 28, 2025 | Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password. | ||
| CVE-2025-48747 | Med | 0.33 | 5.0 | 0.00 | May 28, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource. | ||
| CVE-2025-54397 | Med | 0.28 | 4.3 | 0.00 | Aug 7, 2025 | Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users. |
- risk 0.65cvss 10.0epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.
- risk 0.59cvss 9.1epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data.
- risk 0.42cvss 6.5epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function.
- risk 0.40cvss 6.1epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data.
- risk 0.40cvss 6.1epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189.
- risk 0.40cvss 6.1epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data of certain user flows, a different vulnerability than CVE-2025-54392.
- risk 0.35cvss 5.4epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this.
- risk 0.35cvss 5.4epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access.
- risk 0.34cvss 5.3epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources.
- risk 0.34cvss 5.3epss 0.00
Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password.
- risk 0.33cvss 5.0epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) before and including v.11.0.0.0 and after v.11.1.25134.03 has Incorrect Permission Assignment for a Critical Resource.
- risk 0.28cvss 4.3epss 0.00
Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 inserts Sensitive Information Into Sent Data to authenticated users.