ADV-2025-015 - Critical Vulnerabilities in Netwrix Directory Manager (formerly Imanami GroupID) v11

Executive Summary

Several vulnerabilities were identified in Netwrix Directory Manager v11 during an internal security review. These vulnerabilities may permit an attacker to compromise Netwrix Directory Manager and any integrated Identity Stores.

While Netwrix is unaware of any current exploitation of these vulnerabilities, all Netwrix Directory Manager customers are advised to apply the available update immediately.

Vulnerability

| Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
|---|---|---|---|---|---|
| Improper Neutralization of Directives in Statically Saved Code (Remote Code Execution) (CVE Pending) | Netwrix Directory Manager | >=11.0.0.0 <11.1.25162.02 | 9.4 | 9.9 / 8.6 | The Netwrix Directory Manager v11 User Portal allows authenticated users to execute arbitrary code as an Administrator on the Netwrix Directory Manager server. This may allow an attacker to compromise Netwrix Directory Manager and any integrated Identity Stores. |
| Improper Neutralization of Special Elements used in a SQL Command (SQL Injection) (CVE Pending) | Netwrix Directory Manager | >=11.0.0.0 <11.1.25162.02 | 9.4 | 9.1 / 7.9 | The Netwrix Directory Manager v11 User Portal does not perform sufficient input sanitization of SQL queries, which may allow an authenticated attacker to access sensitive information or compromise Netwrix Directory Manager and any integrated Identity Stores. |
| Insertion of Sensitive Information Into Sent Data (CVE Pending) | Netwrix Directory Manager | >=11.0.0.0 <11.1.25162.02 | 8.5 | 9.1 / 8.4 | The Netwrix Directory Manager v11 Admin Center exposes sensitive information to authenticated users, which may permit an attacker who has gained access to the Admin Center to compromise integrated Identity Stores. |
| Insufficiently Protected Credentials (CVE Pending) | Netwrix Directory Manager | >=11.0.0.0 <11.1.25162.02 | 8.2 | 8.4 / 7.3 | When Netwrix Directory Manager applications are deployed across multiple servers and an Excel Data Source is used with an Excel file on a remote server, the Netwrix Directory Manager service account may be used to access this resource remotely. This may allow an attacker, who has access to the remote server and can intercept Netwrix Directory Manager traffic, to compromise the service account credential. The credential may then be used to compromise Netwrix Directory Manager and any integrated Identity Stores. |
| Improper Neutralization of Unauthenticated Input During Web Page Generation (Cross-Site Scripting) (CVE Pending) | Netwrix Directory Manager | >=11.0.0.0 <11.1.25162.02 | 8.3 | 9.3 / 8.1 | The Netwrix Directory Manager v11 Security Service does not sufficiently encode authentication error data, which may allow an unauthenticated attacker to conduct reflected cross-site scripting (XSS) attacks. Successful attacks may lead to an attacker compromising user credentials. |
| Improper Neutralization of Authenticated Input During Web Page Generation (Cross-Site Scripting) (CVE Pending) | Netwrix Directory Manager | >=11.0.0.0 <11.1.25162.02 | 8.2 | 8.1 / 7.1 | The Netwrix Directory Manager v11 Security Service does not sufficiently encode authentication configuration data, which may allow an attacker who has gained administrative access to the Security Service to execute stored cross-site scripting (XSS) attacks. These attacks may permit an attacker to compromise user credentials during authentication to Netwrix Directory Manager. |

Exploitability

Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgments about urgency and priority; customers should use the information below in making those decisions.

| Title | Publicly known? | Exploit available? | Actively exploited? |
|---|---|---|---|
| Improper Neutralization of Directives in Statically Saved Code | No | No | No |
| Improper Neutralization of Special Elements used in a SQL Command | No | No | No |
| Insertion of Sensitive Information Into Sent Data | No | No | No |
| Insufficiently Protected Credentials | No | No | No |
| Improper Neutralization of Unauthenticated Input During Web Page Generation | No | No | No |
| Improper Neutralization of Authenticated Input During Web Page Generation | No | No | No |

Solution

All Netwrix Directory Manager customers are advised to apply the available update immediately. This update is essential to remediating risk from the described vulnerabilities.

To prepare for the update, Netwrix has released a standalone utility, with documentation, which customers must run prior to applying the update. This utility will export all dynasties, smartgroups, synchronize global, container and transform scripts to the Netwrix Directory Manager server file system, where they are protected from alteration by users other than server administrators, and will update relevant jobs to reference the exported files as script sources.

The update is available in the Netwrix Customer Portal, and will apply relevant updates to the application to remediate vulnerabilities described in this document.

After application of the update, customers are advised to rotate the credentials for all configured Identity Stores and conduct a code review of all exported scripts.
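
The following PowerShell is an added example, not Netwrix code or part of the original advisory. It checks the property the export step relies on (exported scripts not alterable by anyone other than server administrators) and records a SHA-256 baseline to support the code review. The export folder path, the allowlisted SIDs and the CSV file name are assumptions to adjust for your environment.

```powershell
# Added example (not Netwrix code). $ExportPath is a placeholder for the export folder.
param(
    [Parameter(Mandatory)] [string] $ExportPath,
    # Principals expected to hold write access: SYSTEM and BUILTIN\Administrators.
    [string[]] $AllowedSids = @('S-1-5-18', 'S-1-5-32-544'),
    [string] $BaselineCsv = '.\exported-scripts-baseline.csv'
)

$sidType = [System.Security.Principal.SecurityIdentifier]
# Bits that let a principal alter, replace or re-permission a file; read bits excluded.
$writeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
# GENERIC_WRITE | GENERIC_ALL, which Get-Acl can report unmapped on inherit-only entries.
$genericMask = 0x50000000

$items = @(Get-Item -LiteralPath $ExportPath -Force) +
         @(Get-ChildItem -LiteralPath $ExportPath -Recurse -Force)

$findings = foreach ($item in $items) {
    $acl = Get-Acl -LiteralPath $item.FullName
    foreach ($ace in $acl.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $rights = [int]$ace.FileSystemRights
        if (-not ($rights -band ($writeMask -bor $genericMask))) { continue }
        $sid = $ace.IdentityReference.Value
        if ($AllowedSids -contains $sid) { continue }
        $name = try {
            $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value
        } catch { '(unresolved)' }
        [pscustomobject]@{
            Path = $item.FullName; Sid = $sid; Account = $name
            Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
        }
    }
}

# SHA-256 baseline so later changes to a reviewed script are detectable.
$items | Where-Object { -not $_.PSIsContainer } |
    Get-FileHash -Algorithm SHA256 |
    Select-Object Path, Hash |
    Export-Csv -Path $BaselineCsv -NoTypeInformation

if ($findings) {
    $findings | Sort-Object Path, Sid | Format-Table -AutoSize
    Write-Warning "$(@($findings).Count) write-capable ACE(s) held by principals outside the allowlist."
} else {
    Write-Output 'No write-capable ACEs outside the allowlist.'
}
```

Domain administrator groups are not in the default allowlist; pass their SIDs through -AllowedSids if they are intended to hold write access. Store the baseline CSV somewhere the service account cannot write.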

Please contact the Netwrix technical support team should you need assistance.

Official Fixes

Updated software has been released containing official fixes for the vulnerabilities as indicated in the table below.

| Product | Release Version |
|---|---|
| Improper Neutralization of Directives in Statically Saved Code | 11.1.25162.02 |
| Improper Neutralization of Special Elements used in a SQL Command | 11.1.25162.02 |
| Insertion of Sensitive Information Into Sent Data | 11.1.25162.02 |
| Insufficiently Protected Credentials | 11.1.25162.02 |
| Improper Neutralization of Unauthenticated Input During Web Page Generation | 11.1.25162.02 |
| Improper Neutralization of Authenticated Input During Web Page Generation | 11.1.25162.02 |

FAQ

  1. How do I determine which version of Netwrix Directory Manager is in use?

    Please refer to this knowledge base article which shows how to determine the version of Netwrix Directory Manager.

Revisions

Updates to this advisory may be made as necessary. Information about each change will be published in the table below.

| Revision | Date | Description |
|---|---|---|
| 1 | 2025-06-12T18:00:00Z | First published |

Disclaimer

The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory is at your own risk.