Executive Summary
Multiple critical vulnerabilities were identified in Netwrix Directory Manager v11 during an internal security review. These vulnerabilities may permit an attacker to compromise Netwrix Directory Manager and any integrated Identity Stores.
While Netwrix is unaware of any current exploitation of these vulnerabilities, all Netwrix Directory Manager customers are advised to apply the available update immediately.
Vulnerability
| Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
|---|---|---|---|---|---|
| Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) (CVE Pending) | Netwrix Directory Manager | >=11.0.0.0 <11.1.25199.02 | 9.4 | 9.9 / 8.9 | Netwrix Directory Manager v11 does not perform sufficient SQL query sanitization for specific functions. This may allow an authenticated, low-privileged attacker to gain unauthorized access to data or to compromise Netwrix Directory Manager and any integrated Identity Stores. |
| Missing Authorization - User Portal Password Management (CVE Pending) | Netwrix Directory Manager | >=11.0.0.0 <11.1.25199.02 | 9.4 | 9.9 / 8.9 | Netwrix Directory Manager v11 User Portal does not enforce sufficient authorization controls in the password management feature. This may allow an authenticated attacker to perform a successful password reset on any Netwrix Directory Manager or integrated Identity Store user and compromise Netwrix Directory Manager and any integrated Identity Stores. |
| Storing Passwords in a Recoverable Format (CVE Pending) | Netwrix Directory Manager | >=11.0.0.0 <11.1.25199.02 | 9.4 | 9.1 / 7.9 | Netwrix Directory Manager v11 stores specific administrator account passwords in a recoverable format. This may allow an attacker, who is able to gain access to the stored data, to compromise Netwrix Directory Manager and any integrated Identity Stores. |
| Insufficiently Protected Credentials - Encryption Key (CVE Pending) | Netwrix Directory Manager | >=11.0.0.0 <11.1.25199.02 | 9.4 | 9.1 / 7.9 | Netwrix Directory Manager v11 stores the encryption key that is used to secure sensitive data at rest in an insecure format. This may allow an attacker, who is able to gain access to the encryption key and secured data, to compromise Netwrix Directory Manager and any integrated Identity Stores. |
| Improper Neutralization of Authenticated Input During Web Page Generation (Cross Site-Scripting) (CVE Pending) | Netwrix Directory Manager | >=11.0.0.0 <11.1.25199.02 | 8.5 | 9.0 / 7.8 | Netwrix Directory Manager v11 User Portal does not perform sufficient output encoding on certain web pages, which may allow an authenticated attacker to conduct stored cross-site scripting (XSS) attacks. Successful attacks may compromise Netwrix Directory Manager and any integrated Identity Stores. |
| Improper Neutralization of Unauthenticated Input During Web Page Generation (Cross Site-Scripting) (CVE Pending) | Netwrix Directory Manager | >=11.0.0.0 <11.1.25199.02 | 8.3 | 9.3 / 8.1 | The Netwrix Directory Manager v11 Security Service does not sufficiently encode authentication error data, which may allow an unauthenticated attacker to conduct reflected cross-site scripting (XSS) attacks. Successful attacks may lead to an attacker compromising user credentials. |
Exploitability
Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgments about urgency and priority; customers should use the information below in making those decisions.
| Title | Publicly known? | Exploit available? | Actively exploited? |
|---|---|---|---|
| Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) | No | No | No |
| Missing Authorization - User Portal Password Management | No | No | No |
| Storing Passwords in a Recoverable Format | No | No | No |
| Insufficiently Protected Credentials - Encryption Key | No | No | No |
| Improper Neutralization of Authenticated Input During Web Page Generation (Cross Site-Scripting) | No | No | No |
| Improper Neutralization of Unauthenticated Input During Web Page Generation (Cross Site-Scripting) | No | No | No |
Solution
All Netwrix Directory Manager customers are advised to apply the available update immediately. This update is essential to remediating risk from the described vulnerabilities.
To prepare for the update, Netwrix has released a standalone utility, with documentation, which customers must run prior to applying the update. This utility will rotate the encryption key, store it in an encrypted format in a secure location, re-encrypt all relevant data with the new encryption key, and remove the old encryption key.
The update is available in the Netwrix Customer Portal and will apply relevant updates to the application to remediate the vulnerabilities described in this document.
During the update process, customers will be prompted to set a password for the Netwrix Directory Manager Administrator account. To ensure complete remediation, customers should enter a new, secure password rather than reusing any existing password.
Please contact the Netwrix technical support team should you need assistance.
Official Fixes
Updated software has been released containing official fixes for the vulnerabilities as indicated in the table below.
| Title | Version |
|---|---|
| Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) | 11.1.25199.02 |
| Missing Authorization - User Portal Password Management | 11.1.25199.02 |
| Storing Passwords in a Recoverable Format | 11.1.25199.02 |
| Insufficiently Protected Credentials - Encryption Key | 11.1.25199.02 |
| Improper Neutralization of Authenticated Input During Web Page Generation (Cross Site-Scripting) | 11.1.25199.02 |
| Improper Neutralization of Unauthenticated Input During Web Page Generation (Cross Site-Scripting) | 11.1.25199.02 |
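The following is an added example, not Netwrix code or tooling: it triages an inventory of installed versions against the affected range stated in this advisory (>=11.0.0.0 <11.1.25199.02). Versions are compared numerically per component, because a plain string comparison mis-orders builds such as `11.1.25199.1` and `11.1.9999.0` relative to `11.1.25199.02`. The hostnames and installed versions are constructed sample data.

```python
# Added example: triage an inventory against the advisory's affected range.
# Hostnames and installed versions below are constructed sample data.
AFFECTED_MIN = "11.0.0.0"      # inclusive lower bound, from the advisory
FIXED_IN = "11.1.25199.02"     # first fixed version, from the advisory


def parse_version(text):
    """Turn 'a.b.c.d' into a tuple of ints so that '02' compares as 2."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = [int(p) for p in parts]
    return tuple(numbers + [0] * (4 - len(numbers)))


def is_affected(installed):
    """True when AFFECTED_MIN <= installed < FIXED_IN."""
    low, high = parse_version(AFFECTED_MIN), parse_version(FIXED_IN)
    return low <= parse_version(installed) < high


def triage(inventory):
    """Split {host: version} into affected, outside_range and unknown."""
    result = {"affected": [], "outside_range": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        try:
            key = "affected" if is_affected(version) else "outside_range"
        except ValueError:
            key = "unknown"  # needs a manual check; never assume patched
        result[key].append(host)
    return result


SAMPLE_INVENTORY = {
    "dm-app-01": "11.0.0.0",
    "dm-app-02": "11.1.25199.02",
    "dm-app-03": "11.1.25199.1",   # string comparison would call this fixed
    "dm-app-04": "11.1.9999.0",    # '9999' > '25199' as text, but not as int
    "dm-app-05": "10.2.7784.0",    # below the range covered by this advisory
    "dm-app-06": "unknown",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE_INVENTORY).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Hosts reported as `outside_range` are only outside the range this advisory covers; hosts reported as `unknown` need their version confirmed by hand.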
FAQ
- How do I determine which version of Netwrix Directory Manager is in use?
  Please refer to this knowledge base article which shows how to determine the version of Netwrix Directory Manager.
- Is Netwrix Directory Manager Credential Provider affected?
  No, Netwrix Directory Manager Credential Provider is not affected by any vulnerability listed in this advisory.
Revisions
Updates to this advisory may be made as necessary. Information about each change will be published in the table below.
| Revision | Date | Description |
|---|---|---|
| 2 | 2025-07-22T12:00:00Z | Correct grammatical errors in Solution |
| 1 | 2025-07-22T12:00:00Z | First published |
Disclaimer
The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory is at your own risk.