DECEMBER 2023
Potential sensitive information disclosure CVE-2023-49961
SUMMARY
A vulnerability has been discovered in WALLIX products that may allow an attacker to access sensitive information. An attacker could use this vulnerability to gain illegitimate access.
WALLIX recommends immediately applying the published fixes or, until they are applied, the workaround described below.
Affected Products
All supported versions of WALLIX Bastion and Access Manager as an appliance.
Workarounds
The following articles in our knowledge base provide the mitigation procedure:
- Access Manager As Appliance: https://wallix.lightning.force.com/lightning/r/Knowledge__kav/ka0Sb00000007O5IAI/view
- Bastion: https://wallix.lightning.force.com/lightning/r/Knowledge__kav/ka0Sb00000005irIAA/view
Fixed Software
Hotfix versions and patches are available on our download portal:
- Bastion 9.0.9: https://cloud.wallix.com/index.php/s/DBkJWdtsPjW7BSn (SHA256: dc5e3fda310a94cd54835800718cc1ec02084a126f79c82dde465eff40d698a4)
- Bastion 10.0.5: https://cloud.wallix.com/index.php/s/PYjdncJSTaEBRSg (SHA256: 65cdc9b49dfa2160a4a8489fd1c61cad1a48444dbb86cb4a9ac0f4ff527d1197)
Exploitation and Public Announcements
WALLIX is not aware of any public announcements or malicious use of the vulnerability that is described in this advisory.
However, it is recommended to look for any abnormal activity on the WALLIX Bastions and WALLIX Access Managers. It is also recommended to ensure that the Bastion and Access Manager firewalls are enabled.