2 matches found
CVE-2022-31199
CVE-2022-31199 is an insecure object deserialization vulnerability in Netwrix Auditor’s User Activity Video Recording component that can allow an unauthenticated attacker to execute arbitrary code as NT AUTHORITY\SYSTEM on Netwrix Auditor servers and monitored agents. The CVE is described as a re...
CVE-2019-14969
Netwrix Auditor pre-9.8 is affected by insecure permissions on %PROGRAMDATA%\Netwrix Auditor\Logs\ActiveDirectory\ and its subfolders. The Netwrix.ADA.StorageAuditService writes to that directory and does not impersonate properly, so target files inherit the invoking process’s permissions, granti...