CVE-2023-49961

EUVD-2023-53856
WALLIX Bastion 7.x, 8.x, 9.x and 10.x and WALLIX Access Manager 3.x and 4.x have Incorrect Access Control which can lead to sensitive data exposure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Affected Products (NVD)
VendorProductVersion
wallixbastion
7.0.0 ≤
𝑥
< 9.0.10
wallixbastion
10.0.0 ≤
𝑥
< 10.0.6
wallixbastion
10.4.0 ≤
𝑥
< 10.4.2
wallixbastion_access_manager
3.0.0 ≤
𝑥
≤ 4.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://www.wallix.com/support/alerts/
https://www.wallix.com/support/alerts/