VYPR
Vendor

Netwrix

Products
9
CVEs
22
Across products
23
Status
Private

Products

9

Recent CVEs

22
View all 22 CVEs →
  • CVE-2022-31199CriKEVNov 8, 2022
    risk 0.85cvss 9.8epss 0.36

    Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by…

  • CVE-2025-48748CriMay 29, 2025
    risk 0.65cvss 10.0epss 0.00

    Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.

  • CVE-2025-26818CriApr 3, 2025
    risk 0.64cvss 9.8epss 0.01

    Netwrix Password Secure through 9.2 allows command injection.

  • CVE-2025-26817CriApr 3, 2025
    risk 0.64cvss 9.8epss 0.02

    Netwrix Password Secure 9.2.0.32454 allows OS command injection.

  • CVE-2024-36072CriJun 27, 2024
    risk 0.64cvss 9.8epss 0.01

    Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the logging component of the Endpoint Protector and Unify server application which allows an unauthenticated remote attacker to send a malicious…

  • CVE-2023-41264CriNov 28, 2023
    risk 0.64cvss 9.8epss 0.01

    Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedClientId and…

  • CVE-2025-48749CriMay 28, 2025
    risk 0.59cvss 9.1epss 0.00

    Netwrix Directory Manager (formerly Imanami GroupID) v11.0.0.0 and before & after v.11.1.25134.03 inserts Sensitive Information into Sent Data.

  • CVE-2019-14969HigAug 12, 2019
    risk 0.51cvss 7.8epss 0.00

    Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file…

  • CVE-2020-15931HigOct 20, 2020
    risk 0.49cvss 7.5epss 0.04

    Netwrix Account Lockout Examiner before 5.1 allows remote attackers to capture the Net-NTLMv1/v2 authentication challenge hash of the Domain Administrator (that is configured within the product in its installation state) by generating a single Kerberos Pre-Authentication Failed…

  • CVE-2024-36074HigJun 27, 2024
    risk 0.47cvss 7.2epss 0.01

    Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the Endpoint Protector and Unify agent in the way that the EasyLock dependency is acquired from the server. An attacker with administrative access to…

  • CVE-2024-36073HigJun 27, 2024
    risk 0.47cvss 7.2epss 0.01

    Netwrix CoSoSys Endpoint Protector through 5.9.3 and CoSoSys Unify through 7.0.6 contain a remote code execution vulnerability in the shadowing component of the Endpoint Protector and Unify agent which allows an attacker with administrative access to the Endpoint Protector or…

  • CVE-2025-48746MedMay 28, 2025
    risk 0.42cvss 6.5epss 0.00

    Netwrix Directory Manager (formerly Imanami GroupID) v.11.0.0.0 and before, as well as after v.11.1.25134.03 lacks Authentication for a Critical Function.

  • CVE-2024-36075MedJun 27, 2024
    risk 0.42cvss 6.5epss 0.01

    The CoSoSys Endpoint Protector through 5.9.3 and Unify agent through 7.0.6 is susceptible to an arbitrary code execution vulnerability due to the way an archive obtained from the Endpoint Protector or Unify server is extracted on the endpoint. An attacker who is able to modify…

  • CVE-2025-54395MedAug 7, 2025
    risk 0.40cvss 6.1epss 0.00

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication configuration data.

  • CVE-2025-54392MedAug 7, 2025
    risk 0.40cvss 6.1epss 0.00

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data, a different vulnerability than CVE-2025-47189.

  • CVE-2025-47189MedJul 17, 2025
    risk 0.40cvss 6.1epss 0.00

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows XSS for authentication error data of certain user flows, a different vulnerability than CVE-2025-54392.

  • CVE-2025-54396MedAug 7, 2025
    risk 0.35cvss 5.4epss 0.00

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows SQL Injection. Authenticated users can exploit this.

  • CVE-2025-54393MedAug 7, 2025
    risk 0.35cvss 5.4epss 0.00

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 allows Static Code Injection. Authenticated users can obtain administrative access.

  • CVE-2025-54394MedAug 7, 2025
    risk 0.34cvss 5.3epss 0.00

    Netwrix Directory Manager (formerly Imanami GroupID) 11.0.0.0 before 11.1.25162.02 has Insufficiently Protected Credentials for requests to remote Excel resources.

  • CVE-2025-47748MedMay 28, 2025
    risk 0.34cvss 5.3epss 0.00

    Netwrix Directory Manager v.11.0.0.0 and before & after v.11.1.25134.03 contains a hardcoded password.