Netwrix Auditor vulnerabilities
2 known vulnerabilities affecting netwrix/auditor.
Total CVEs
2
CISA KEV
1
actively exploited
Public exploits
1
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2022-31199P1CRITICALCVSS 9.8KEVPoCRansomwarefixed in 10.52022-11-08
CVE-2022-31199 [CRITICAL] CWE-502 CVE-2022-31199: Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording com
Remote code execution vulnerabilities exist in the Netwrix Auditor User Activity Video Recording component affecting both the Netwrix Auditor server and agents installed on monitored systems. The remote code execution vulnerabilities exist within the underlying protocol used by the component, and potentially allow an unauthenticated remote attacke
nvd
CVE-2019-14969P3HIGHCVSS 7.8fixed in 9.82019-08-12
CVE-2019-14969 [HIGH] CWE-732 CVE-2019-14969: Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDire
Netwrix Auditor before 9.8 has insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and sub-folders. In addition, the service Netwrix.ADA.StorageAuditService (which writes to that directory) does not perform proper impersonation, and thus the target file will have the same permissions as the invoking process (in this case, grant
nvd