Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    8 vulnerabilities by wallix

    CVE-2023-49961 (GCVE-0-2023-49961)

    Vulnerability from nvd – Published: 2024-01-08 00:00 – Updated: 2025-06-18 16:02
    VLAI
    Summary
    WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-284 - Improper Access Control
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:09:49.466Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wallix.com/support/alerts/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-49961",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-09T14:32:19.753580Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-18T16:02:55.762Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-08T20:16:33.575Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.wallix.com/support/alerts/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-49961",
        "datePublished": "2024-01-08T00:00:00.000Z",
        "dateReserved": "2023-12-03T00:00:00.000Z",
        "dateUpdated": "2025-06-18T16:02:55.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46319 (GCVE-0-2023-46319)

    Vulnerability from nvd – Published: 2023-10-22 00:00 – Updated: 2024-09-12 15:48
    VLAI
    Summary
    WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    References
    Impacted products
    Vendor Product Version
    wallix bastion Affected: 9x , < 9.0.9 (custom)
    Affected: 10x , < 10.0.5 (custom)
        cpe:2.3:a:wallix:bastion:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:40.889Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wallix.com/support/alerts/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wallix:bastion:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bastion",
                "vendor": "wallix",
                "versions": [
                  {
                    "lessThan": "9.0.9",
                    "status": "affected",
                    "version": "9x",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "10.0.5",
                    "status": "affected",
                    "version": "10x",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T15:44:11.923807Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-288",
                    "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T15:48:37.928Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-22T23:01:47.687Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.wallix.com/support/alerts/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46319",
        "datePublished": "2023-10-22T00:00:00.000Z",
        "dateReserved": "2023-10-22T00:00:00.000Z",
        "dateUpdated": "2024-09-12T15:48:37.928Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23592 (GCVE-0-2023-23592)

    Vulnerability from nvd – Published: 2023-02-09 00:00 – Updated: 2025-03-24 19:03
    VLAI
    Summary
    WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:35:33.382Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wallix.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wallix.com/support/alerts/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23592",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-24T19:03:18.589214Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-24T19:03:51.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-09T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://wallix.com"
            },
            {
              "url": "https://www.wallix.com/support/alerts/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-23592",
        "datePublished": "2023-02-09T00:00:00.000Z",
        "dateReserved": "2023-01-15T00:00:00.000Z",
        "dateUpdated": "2025-03-24T19:03:51.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-49961 (GCVE-0-2023-49961)

    Vulnerability from cvelistv5 – Published: 2024-01-08 00:00 – Updated: 2025-06-18 16:02
    VLAI
    Summary
    WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-284 - Improper Access Control
    Assigner
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T22:09:49.466Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wallix.com/support/alerts/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-49961",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-01-09T14:32:19.753580Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-284",
                    "description": "CWE-284 Improper Access Control",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-18T16:02:55.762Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-08T20:16:33.575Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.wallix.com/support/alerts/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-49961",
        "datePublished": "2024-01-08T00:00:00.000Z",
        "dateReserved": "2023-12-03T00:00:00.000Z",
        "dateUpdated": "2025-06-18T16:02:55.762Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-46319 (GCVE-0-2023-46319)

    Vulnerability from cvelistv5 – Published: 2023-10-22 00:00 – Updated: 2024-09-12 15:48
    VLAI
    Summary
    WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface.
    Severity
    No CVSS data available.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-288 - Authentication Bypass Using an Alternate Path or Channel
    Assigner
    References
    Impacted products
    Vendor Product Version
    wallix bastion Affected: 9x , < 9.0.9 (custom)
    Affected: 10x , < 10.0.5 (custom)
        cpe:2.3:a:wallix:bastion:-:*:*:*:*:*:*:*
    Create a notification for this product.
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T20:45:40.889Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wallix.com/support/alerts/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:wallix:bastion:-:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unknown",
                "product": "bastion",
                "vendor": "wallix",
                "versions": [
                  {
                    "lessThan": "9.0.9",
                    "status": "affected",
                    "version": "9x",
                    "versionType": "custom"
                  },
                  {
                    "lessThan": "10.0.5",
                    "status": "affected",
                    "version": "10x",
                    "versionType": "custom"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-46319",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-09-12T15:44:11.923807Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-288",
                    "description": "CWE-288 Authentication Bypass Using an Alternate Path or Channel",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-09-12T15:48:37.928Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WALLIX Bastion 9.x before 9.0.9 and 10.x before 10.0.5 allows unauthenticated access to sensitive information by bypassing access control on a network access administration web interface."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-10-22T23:01:47.687Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.wallix.com/support/alerts/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-46319",
        "datePublished": "2023-10-22T00:00:00.000Z",
        "dateReserved": "2023-10-22T00:00:00.000Z",
        "dateUpdated": "2024-09-12T15:48:37.928Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-23592 (GCVE-0-2023-23592)

    Vulnerability from cvelistv5 – Published: 2023-02-09 00:00 – Updated: 2025-03-24 19:03
    VLAI
    Summary
    WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information.
    SSVC
    Exploitation: none Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • n/a
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T10:35:33.382Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://wallix.com"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.wallix.com/support/alerts/"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 7.5,
                  "baseSeverity": "HIGH",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "NONE",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-23592",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-03-24T19:03:18.589214Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "problemTypes": [
              {
                "descriptions": [
                  {
                    "cweId": "CWE-200",
                    "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
                    "lang": "en",
                    "type": "CWE"
                  }
                ]
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-03-24T19:03:51.959Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "WALLIX Access Manager 3.x through 4.0.x allows a remote attacker to access sensitive information."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-02-09T00:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://wallix.com"
            },
            {
              "url": "https://www.wallix.com/support/alerts/"
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2023-23592",
        "datePublished": "2023-02-09T00:00:00.000Z",
        "dateReserved": "2023-01-15T00:00:00.000Z",
        "dateUpdated": "2025-03-24T19:03:51.959Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CERTFR-2023-AVI-0115

    Vulnerability from certfr_avis - Published: - Updated:

    Une vulnérabilité a été découverte dans WALLIX Access Manager. Elle permet à un attaquant de provoquer une élévation de privilèges.

    Solution

    Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

    None
    Impacted products
    Vendor Product Description
    Wallix N/A WALLIX Access Manager versions 3.0.x antérieures à 3.0.16
    Wallix N/A WALLIX Access Manager versions 4.0.x antérieures à 4.0.3
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "WALLIX Access Manager versions 3.0.x ant\u00e9rieures \u00e0 3.0.16",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Wallix",
              "scada": false
            }
          }
        },
        {
          "description": "WALLIX Access Manager versions 4.0.x ant\u00e9rieures \u00e0 4.0.3",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Wallix",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
      "cves": [
        {
          "name": "CVE-2023-23592",
          "url": "https://www.cve.org/CVERecord?id=CVE-2023-23592"
        }
      ],
      "links": [],
      "reference": "CERTFR-2023-AVI-0115",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2023-02-13T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "\u00c9l\u00e9vation de privil\u00e8ges"
        }
      ],
      "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 d\u00e9couverte dans WALLIX Access Manager. Elle\npermet \u00e0 un attaquant de provoquer une \u00e9l\u00e9vation de privil\u00e8ges.\n",
      "title": "Vuln\u00e9rabilit\u00e9 dans WALLIX Access Manager",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 WALLIX du 13 f\u00e9vrier 2023",
          "url": "https://www.wallix.com/fr/support/alerts/"
        }
      ]
    }

    CERTFR-2018-ALE-012

    Vulnerability from certfr_alerte - Published: - Updated:

    Le 26 octobre 2018, l'éditeur Wallix a publié une note de sécurité concernant son produit AdminBastion qui inclut la bibliothèque libssh. Celle-ci est affectée par la vulnérabilité CVE-2018-10933 dont l'exploitation permet de contourner de manière triviale l'authentification par clé ssh.

    Les produits Wallix AdminBastion ont pour objectif de sécuriser et surveiller l'activité des administrateurs. Ces derniers se connectent sur le bastion de manière non privilégiée, ce qui leur permet de rebondir sur un compte privilégié au sein du système administré sans en connaître les secrets.

    Solution

    Le CERT-FR recommande de mettre à jour ce produit sans attendre. En cas d'impossibilité de mise à jour de manière rapide, il est nécessaire de filtrer l'accès à ce service aux seuls administrateurs, de changer le mode d'authentification ssh et d'archiver les clés publiques des comptes utilisateurs. Une évaluation des risque doit être conduite pour envisager une désactivation immédiate du bastion et l'utilisation de moyens dégradés pour l'administration.

    Afin de rechercher une exploitation éventuelle de la vulnérabilité, les événements suivants peuvent être observés dans les journaux produits par le bastion :

    None
    Impacted products
    Vendor Product Description
    Wallix N/A Wallix AdminBastion versions antérieures
    Wallix N/A Wallix AdminBastion version 6 jusqu'à la version "HotFix 12"
    Wallix N/A Wallix AdminBastion version 5 jusqu'à la version "HotFix 24"
    References

    Show details on source website

    {
      "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
      "affected_systems": [
        {
          "description": "Wallix AdminBastion versions ant\u00e9rieures",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Wallix",
              "scada": false
            }
          }
        },
        {
          "description": "Wallix AdminBastion version 6 jusqu\u0027\u00e0 la version \"HotFix 12\"",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Wallix",
              "scada": false
            }
          }
        },
        {
          "description": "Wallix AdminBastion version 5 jusqu\u0027\u00e0 la version \"HotFix 24\"",
          "product": {
            "name": "N/A",
            "vendor": {
              "name": "Wallix",
              "scada": false
            }
          }
        }
      ],
      "affected_systems_content": null,
      "closed_at": "2019-02-04",
      "content": "## Solution\n\nLe CERT-FR recommande de mettre \u00e0 jour ce produit sans attendre. En cas\nd\u0027impossibilit\u00e9 de mise \u00e0 jour de mani\u00e8re rapide, il est n\u00e9cessaire de\nfiltrer l\u0027acc\u00e8s \u00e0 ce service aux seuls administrateurs, de changer le\nmode d\u0027authentification ssh et d\u0027archiver les cl\u00e9s publiques des comptes\nutilisateurs. Une \u00e9valuation des risque doit \u00eatre conduite pour\nenvisager une d\u00e9sactivation imm\u00e9diate du bastion et l\u0027utilisation de\nmoyens d\u00e9grad\u00e9s pour l\u0027administration.\n\nAfin de rechercher une exploitation \u00e9ventuelle de la vuln\u00e9rabilit\u00e9, les\n\u00e9v\u00e9nements suivants peuvent \u00eatre observ\u00e9s dans les journaux produits par\nle bastion :\n\n\u003cimg src=\"/uploads/wallix-2.png\"\nclass=\"alignnone size-full wp-image-169831\" width=\"906\" height=\"451\" /\u003e\n",
      "cves": [
        {
          "name": "CVE-2018-10933",
          "url": "https://www.cve.org/CVERecord?id=CVE-2018-10933"
        }
      ],
      "links": [],
      "reference": "CERTFR-2018-ALE-012",
      "revisions": [
        {
          "description": "Version initiale",
          "revision_date": "2018-10-26T00:00:00.000000"
        },
        {
          "description": "Cl\u00f4ture de l\u0027alerte",
          "revision_date": "2019-02-04T00:00:00.000000"
        }
      ],
      "risks": [
        {
          "description": "Contournement de la politique de s\u00e9curit\u00e9"
        }
      ],
      "summary": "Le 26 octobre 2018, l\u0027\u00e9diteur Wallix a publi\u00e9 une note de s\u00e9curit\u00e9\nconcernant son produit AdminBastion qui inclut la biblioth\u00e8que libssh.\nCelle-ci est affect\u00e9e par la vuln\u00e9rabilit\u00e9 CVE-2018-10933 dont\nl\u0027exploitation permet de contourner de mani\u00e8re triviale\nl\u0027authentification par cl\u00e9 ssh.\n\nLes produits Wallix AdminBastion ont pour objectif de s\u00e9curiser et\nsurveiller l\u0027activit\u00e9 des administrateurs. Ces derniers se connectent\nsur le bastion de mani\u00e8re non privil\u00e9gi\u00e9e, ce qui leur permet de\nrebondir sur un compte privil\u00e9gi\u00e9 au sein du syst\u00e8me administr\u00e9 sans en\nconna\u00eetre les secrets.\n\n\u00a0\n",
      "title": "Vuln\u00e9rabilit\u00e9 dans Wallix AdminBastion",
      "vendor_advisories": [
        {
          "published_at": null,
          "title": "Bulletin de s\u00e9curit\u00e9 Wallix du 26 octobre 2018",
          "url": "https://www.wallix.com/wallix-security-advisories-alerts/"
        }
      ]
    }