ADV-2025-030 - Insertion of Sensitive Information into Logs in Netwrix Identity Manager (formerly Usercube)

Executive Summary

A vulnerability was discovered in Netwrix Identity Manager (formerly Usercube) which may expose sensitive information in log files. When verbose logging is enabled, Netwrix Identity Manager may write account passwords to its logs during provisioning or password reset. This may allow a high-privileged attacker to compromise user account credentials.

While Netwrix is unaware of any current exploitation of this vulnerability, all Netwrix Identity Manager on-premises customers are advised to apply the available update as soon as possible and/or disable verbose logging immediately.

Vulnerability

| Title | Affected Component | Affected Versions | CVSS 4.0 Score | CVSS 3.1 Score (Base / Temporal) | Description |
|---|---|---|---|---|---|
| Insertion of Sensitive Information into Logs | Netwrix Identity Manager | <6.1.10 & <6.2.12 | 7.1 | 8.4 / 7.3 | When verbose logging is enabled, passwords for accounts that are provisioned, or whose password is reset, by Netwrix Identity Manager are visible in logs. This may allow a high-privileged attacker to compromise user account credentials. |

Exploitability

Factors such as whether details about the vulnerability are publicly known, whether an exploit is readily available, or whether adversaries are actively exploiting the vulnerability are valuable in making risk-based judgments about urgency and priority; customers should use the information below in making those decisions.

| Title | Publicly known? | Exploit available? | Actively exploited? |
|---|---|---|---|
| Insertion of Sensitive Information into Logs | Yes | No | No |

Solution

All Netwrix Identity Manager on-premises customers are advised to update Netwrix Identity Manager as soon as possible:

  • LTS Path (6.1): Update to version 6.1.10 or later
  • Feature Release Path (6.2): Update to version 6.2.12 or later

As a temporary mitigation while preparing to update, customers should disable verbose logging immediately. Please see our Monitoring documentation for instructions.

Please contact the Netwrix technical support team should you need assistance.

Official Fixes

Updated software has been released containing official fixes for the vulnerabilities as indicated in the table below.

| Product | Release | Version |
|---|---|---|
| Netwrix Identity Manager | 6.1 | 6.1.10 |
| Netwrix Identity Manager | 6.2 | 6.2.12 |
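
The following is an added example, not code from Netwrix or from this advisory: a small triage helper that classifies on-premises installs against the fixed versions in the table above, comparing versions numerically so that 6.1.9 is not mistaken for a release newer than 6.1.10. The host names and sample inventory are constructed, and reporting branches other than 6.1 and 6.2 as "unlisted" is an assumption, since the advisory names only those two update paths.

```python
import re

# Fixed release per branch, taken from the "Official Fixes" table of this advisory.
FIXED = {(6, 1): (6, 1, 10), (6, 2): (6, 2, 12)}


def parse_version(text):
    """Return the leading dotted-numeric part of a version string as a tuple of ints."""
    m = re.match(r"\s*v?(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def triage(version_text):
    """Classify one on-premises install as 'affected', 'fixed' or 'unlisted'."""
    v = parse_version(version_text)
    v = v + (0,) * (3 - len(v))  # pad "6.2" to (6, 2, 0)
    fixed = FIXED.get(v[:2])
    if fixed is None:
        # Assumption: only the 6.1 and 6.2 paths are listed, so any other
        # branch is reported for manual review rather than guessed at.
        return "unlisted"
    # Tuples compare numerically per component: (6, 1, 9) < (6, 1, 10).
    # A plain string comparison would sort "6.1.9" after "6.1.10".
    return "affected" if v[:3] < fixed else "fixed"


def triage_inventory(inventory):
    """Map each host in {host: version string} to its triage status."""
    return {host: triage(version) for host, version in inventory.items()}


# Constructed sample inventory (host names and versions are made up).
SAMPLE_INVENTORY = {
    "idm-prod-01": "6.1.9",
    "idm-prod-02": "6.1.10",
    "idm-test-01": "6.2.11.4",
    "idm-test-02": "6.2.12",
    "idm-lab-01": "6.0.7",
}

if __name__ == "__main__":
    for host, status in triage_inventory(SAMPLE_INVENTORY).items():
        print(f"{host:12} {SAMPLE_INVENTORY[host]:10} {status}")
```

Hosts reported as affected should also have verbose logging disabled until they are updated, as described under Solution.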

FAQ

  1. How do I determine which version of Netwrix Identity Manager is in use?

    The Netwrix Identity Manager version number can be found in the application’s About menu or by checking the installed software version on your system.

  2. How do I determine whether verbose logging is enabled and disable it?

    Please see our Monitoring documentation.

  3. Are there any configuration changes required after updating?

    No additional configuration changes are required. The fix is automatically applied upon updating to the remediated version.

  4. Is Netwrix Identity Manager SaaS affected?

    No, Netwrix Identity Manager SaaS is not affected.

Revisions

Updates to this advisory may be made as necessary. Information about each change will be published in the table below.

| Revision | Date | Description |
|---|---|---|
| 1 | 2025-12-18T13:00:00Z | First published |

Disclaimer

The information and materials included in or linked to this Security Advisory are provided on an “as-is” basis and without warranty of any kind, and we disclaim all representations and warranties of any kind, whether express or implied, including warranties of merchantability and fitness for a particular use. You acknowledge and agree that your use of the information and materials included in or linked to this Security Advisory is at your own risk.