{"id":41720,"date":"2024-01-23T15:46:57","date_gmt":"2024-01-23T14:46:57","guid":{"rendered":"https:\/\/www.wallix.com\/soutien-et-services\/alertes-et-avis\/"},"modified":"2026-03-16T16:51:48","modified_gmt":"2026-03-16T15:51:48","slug":"alertes-de-securite","status":"publish","type":"page","link":"https:\/\/www.wallix.com\/fr\/services-et-support\/alertes-de-securite\/","title":{"rendered":"Alerts and advisories"},"content":{"rendered":"\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-m193yzf3-46157c2a07deae6fb12ad1c6535696a5\">\n#top .av-special-heading.av-m193yzf3-46157c2a07deae6fb12ad1c6535696a5{\npadding-bottom:10px;\n}\nbody .av-special-heading.av-m193yzf3-46157c2a07deae6fb12ad1c6535696a5 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n.av-special-heading.av-m193yzf3-46157c2a07deae6fb12ad1c6535696a5 .av-subheading{\nfont-size:15px;\n}\n<\/style>\n<div  class='av-special-heading av-m193yzf3-46157c2a07deae6fb12ad1c6535696a5 av-special-heading-h1  avia-builder-el-0  el_before_av_section  avia-builder-el-no-sibling '><h1 class='av-special-heading-tag '  itemprop=\"headline\"  >Service alerts<\/h1><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\n<\/div><\/div><\/div><!-- close content main div --><\/div><\/div>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lrz599mq-7b6e9422e3f6cb184c891c8ab42f10ab\">\n.avia-section.av-lrz599mq-7b6e9422e3f6cb184c891c8ab42f10ab{\nbackground-color:#ffffff;\nbackground-image:unset;\n}\n<\/style>\n<div id='av_section_1'  class='avia-section av-lrz599mq-7b6e9422e3f6cb184c891c8ab42f10ab main_color avia-section-default avia-no-border-styling  avia-builder-el-1  el_after_av_heading  el_before_av_section  avia-bg-style-scroll container_wrap fullsize'  ><div class='container av-section-cont-open' ><div class='template-page content  av-content-full alpha units'><div class='post-entry post-entry-type-page 
post-entry-41720'><div class='entry-content-wrapper clearfix'>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lpmr3htm-19cbbeff8e3fa0043ee0a8fb8f3622e5\">\n#top .av-special-heading.av-lpmr3htm-19cbbeff8e3fa0043ee0a8fb8f3622e5{\npadding-bottom:30px;\ncolor:#172542;\nfont-size:30px;\n}\nbody .av-special-heading.av-lpmr3htm-19cbbeff8e3fa0043ee0a8fb8f3622e5 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n#top #wrap_all .av-special-heading.av-lpmr3htm-19cbbeff8e3fa0043ee0a8fb8f3622e5 .av-special-heading-tag{\nfont-size:30px;\n}\n.av-special-heading.av-lpmr3htm-19cbbeff8e3fa0043ee0a8fb8f3622e5 .special-heading-inner-border{\nborder-color:#172542;\n}\n.av-special-heading.av-lpmr3htm-19cbbeff8e3fa0043ee0a8fb8f3622e5 .av-subheading{\nfont-size:18px;\ncolor:#ec6707;\n}\n\n@media only screen and (min-width: 480px) and (max-width: 767px){ \n#top #wrap_all .av-special-heading.av-lpmr3htm-19cbbeff8e3fa0043ee0a8fb8f3622e5 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n\n@media only screen and (max-width: 479px){ \n#top #wrap_all .av-special-heading.av-lpmr3htm-19cbbeff8e3fa0043ee0a8fb8f3622e5 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n<\/style>\n<div  class='av-special-heading av-lpmr3htm-19cbbeff8e3fa0043ee0a8fb8f3622e5 av-special-heading-h2 custom-color-heading blockquote modern-quote  avia-builder-el-2  el_before_av_textblock  avia-builder-el-first  av-inherit-size'><h2 class='av-special-heading-tag '  itemprop=\"headline\"  >MARCH 2026<\/h2><div class='av_custom_color av-subheading av-subheading_below'><p>[SECURITY ADVISORY] Sensitive information disclosure in logs \u2014 Access Manager product<\/p>\n<p>Publication date: 16 March 2026 | Last updated: 16 March 2026 | Severity: HIGH | Identifiers: WSA-2026-02-0001<\/p>\n<\/div><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\n<section  
class='av_textblock_section av-lmrwphoe-9201705ebd7b14cf1bfb53a54de8c365 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/CreativeWork\" ><div class='avia_textblock'  itemprop=\"text\" ><ol>\n<li><strong> Executive summary<\/strong><\/li>\n<\/ol>\n<p><strong><em>Note:<\/em><\/strong><em> Most users are not affected by this vulnerability, because it requires a specific, non-default configuration to be triggered.<\/em><\/p>\n<p>A security vulnerability has been identified in <strong>Access<\/strong> Manager concerning the handling of credentials in system logs. Under specific debugging conditions and when a specific feature is enabled, cleartext passwords may be written to local log files. We have released a security fix and provide immediate mitigation measures below.<\/p>\n<ol start=\"2\">\n<li><strong> Products and scope<\/strong><\/li>\n<\/ol>\n<table width=\"760\">\n<tbody>\n<tr>\n<td>Product<\/td>\n<td>Affected versions<\/td>\n<td>Status<\/td>\n<\/tr>\n<tr>\n<td><strong>Access Manager<\/strong><\/td>\n<td>All 5.2 versions up to v5.2.3<br \/>\nAll 5.1 versions up to v5.1.6<\/td>\n<td><strong>Vulnerable<\/strong><\/td>\n<\/tr>\n<tr>\n<td><strong>Access Manager<\/strong><\/td>\n<td>All 5.2 versions from v5.2.4<br \/>\nAll 5.1 versions from v5.1.7<\/td>\n<td><strong>Patched<\/strong><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>\ud83d\udd0d <\/strong><strong>Risk assessment<\/strong><\/p>\n<p>This vulnerability is triggered only if <strong>BOTH<\/strong> of the following conditions are met 
:<\/p>\n<ol>\n<li><strong>The &ldquo;Default&rdquo; or &ldquo;WALLIX Bastion REST API&rdquo; log level is set to DEBUG, TRACE or ALL<\/strong> (the default is &ldquo;Default&rdquo;) in Access Manager<\/li>\n<li><strong>Users are allowed to perform password checks<\/strong> from Access Manager.<\/li>\n<\/ol>\n<ol start=\"3\">\n<li><strong> Vulnerability details<\/strong><\/li>\n<\/ol>\n<ul>\n<li><strong>Type:<\/strong> CWE-532 (Insertion of Sensitive Information into Log File)<\/li>\n<li><strong>Description:<\/strong> When the system is set to the DEBUG log level, the <strong>Wallix Bastion REST API<\/strong> module does not mask the password string.<\/li>\n<li><strong>Access:<\/strong> Local access to the log files is required to exploit this vulnerability.<\/li>\n<\/ul>\n<ol start=\"4\">\n<li><strong> Resolution and action plan<\/strong><\/li>\n<\/ol>\n<p><strong>\u2705<\/strong><strong> Recommended action: apply the security fix<\/strong><\/p>\n<ol>\n<li>We recommend upgrading to <strong>Access Manager v5.1.7 or v5.2.4 <\/strong>(or later), which introduces mandatory masking of sensitive strings regardless of the log level.<\/li>\n<li>As a precaution, we strongly recommend rotating any password used or processed while the system was in the vulnerable configuration (see Risk assessment).<\/li>\n<\/ol>\n<p><strong>\u26a0\ufe0f<\/strong><strong> Immediate workaround (if upgrading is not possible)<\/strong><\/p>\n<p>If you cannot upgrade immediately, you can reduce the 
risk by taking one of the following steps:<\/p>\n<ol>\n<li><strong>Disable debug logging:<\/strong> Make sure the log level is <strong>not <\/strong>set to DEBUG, TRACE or ALL.<\/li>\n<li><strong>Delete the logs:<\/strong> Delete existing debug log files containing historical data.<\/li>\n<\/ol>\n<p><strong>Contact and support<\/strong><\/p>\n<p>If you have questions or need help with the mitigation measures, please contact our support by opening a ticket on the support portal.<\/p>\n<\/div><\/section>\n<\/div><\/div><\/div><!-- close content main div --><\/div><\/div>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_section-8a088b55778457f770d97b418c17e050\">\n.avia-section.av-av_section-8a088b55778457f770d97b418c17e050{\nbackground-color:#e5e5e5;\nbackground-image:unset;\n}\n<\/style>\n<div id='av_section_2'  class='avia-section av-av_section-8a088b55778457f770d97b418c17e050 main_color avia-section-default avia-no-border-styling  avia-builder-el-4  el_after_av_section  el_before_av_section  avia-bg-style-scroll container_wrap fullsize'  ><div class='container av-section-cont-open' ><div class='template-page content  av-content-full alpha units'><div class='post-entry post-entry-type-page post-entry-41720'><div class='entry-content-wrapper clearfix'>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-av_heading-6423eeece191178cc2bddd702e4d1c93\">\n#top .av-special-heading.av-av_heading-6423eeece191178cc2bddd702e4d1c93{\npadding-bottom:30px;\ncolor:#172542;\nfont-size:30px;\n}\nbody .av-special-heading.av-av_heading-6423eeece191178cc2bddd702e4d1c93 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n#top #wrap_all .av-special-heading.av-av_heading-6423eeece191178cc2bddd702e4d1c93 
.av-special-heading-tag{\nfont-size:30px;\n}\n.av-special-heading.av-av_heading-6423eeece191178cc2bddd702e4d1c93 .special-heading-inner-border{\nborder-color:#172542;\n}\n.av-special-heading.av-av_heading-6423eeece191178cc2bddd702e4d1c93 .av-subheading{\nfont-size:18px;\ncolor:#ec6707;\n}\n\n@media only screen and (min-width: 480px) and (max-width: 767px){ \n#top #wrap_all .av-special-heading.av-av_heading-6423eeece191178cc2bddd702e4d1c93 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n\n@media only screen and (max-width: 479px){ \n#top #wrap_all .av-special-heading.av-av_heading-6423eeece191178cc2bddd702e4d1c93 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n<\/style>\n<div  class='av-special-heading av-av_heading-6423eeece191178cc2bddd702e4d1c93 av-special-heading-h2 custom-color-heading blockquote modern-quote  avia-builder-el-5  el_before_av_textblock  avia-builder-el-first  av-inherit-size'><h2 class='av-special-heading-tag '  itemprop=\"headline\"  >JULY 2025<\/h2><div class='av_custom_color av-subheading av-subheading_below'><p>CVE WSA-2025-07-001 Web target credential leak<\/p>\n<\/div><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\n<section  class='av_textblock_section av-av_textblock-564067357eb74c20cdd60b282c9b50bd '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/CreativeWork\" ><div class='avia_textblock'  itemprop=\"text\" ><p><strong>Title: CVE WSA-2025-07-001 Web target credential leak<\/strong><br \/>\n<strong> Effective date: July 2025<\/strong><br \/>\n<strong> Summary<\/strong><br \/>\n<strong> A high-severity vulnerability (CVSS Base Score 7.7) has been discovered<\/strong> in WALLIX Web Session Manager 4.0.7 (currently in controlled release).<br \/>\n<strong>Vulnerability 
details<\/strong><br \/>\n<strong>&#8211; Product:<\/strong> WALLIX Web Session Manager<br \/>\n<strong>&#8211; Affected version:<\/strong> 4.0.7<br \/>\n<strong>&#8211; Feature:<\/strong> Web sessions with automatic credential injection<br \/>\n<strong>&#8211; Vulnerability details:<\/strong> When a user accesses a web application through the credential injection process, the application credentials may be exposed in the browser and can be retrieved using the browser&rsquo;s developer tools.<br \/>\n<strong>&#8211; Impact:<\/strong> Sensitive credentials may leak and be used to gain uncontrolled access to targets.<br \/>\n&#8211; <strong>Severity:<\/strong><br \/>\n\u25e6 CVSS Base: <strong>7.7<\/strong> (\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:N)<br \/>\n\u25e6 CVSS Environmental: <strong>9.4<\/strong> (\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:N\/A:N\/E:H\/RL:O\/RC:C\/CR:H)<br \/>\n<strong>Fixes<\/strong><br \/>\nThe WALLIX Web Session Manager version 4.0.9 fix will be available in early August 2025.<br \/>\n<strong>How do I check whether I am using this feature?<\/strong><br \/>\n1 Check that you have WALLIX Web Session Manager 4.0.7 installed =&gt; <em>Log in to the solution as an administrator: the version number is displayed on the home page.<\/em><br \/>\n2 Check that you have configured web application targets:<br \/>\n1 Creation of a target web application =&gt; <em>please refer to the WALLIX Bastion 12.2 Functional Administration Guide, section &ldquo;10.4. 
Add a web application&rdquo;<\/em><br \/>\n2 Creation of the web application account =&gt; <em>please refer to the WALLIX Bastion 12.2 Functional Administration Guide, section &ldquo;12.1 Add target accounts&rdquo;<\/em><br \/>\n3 Web application account in a target group =&gt; <em> please refer to the WALLIX Bastion 12.2 Functional Administration Guide, section &ldquo;12.2 Add target groups&rdquo;<\/em><br \/>\n4 Web connection policy with credential injection as the authentication method =&gt; <em>please refer to the WALLIX Bastion 12.2 Functional Administration Guide, section &ldquo;11.3.1. Web application connection policy&rdquo;<\/em><br \/>\n<strong>Mitigation<\/strong><br \/>\nWALLIX recommends disabling the credential injection flow for web sessions and relying on manual authentication (interactive login).<\/p>\n<\/div><\/section>\n<\/p>\n<\/div><\/div><\/div><!-- close content main div --><\/div><\/div>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-5m123x-a4736b45fe74d9a3265e59c3af4fd776\">\n.avia-section.av-5m123x-a4736b45fe74d9a3265e59c3af4fd776{\nbackground-color:#ffffff;\nbackground-image:unset;\n}\n<\/style>\n<div id='av_section_3'  class='avia-section av-5m123x-a4736b45fe74d9a3265e59c3af4fd776 main_color avia-section-default avia-no-border-styling  avia-builder-el-7  el_after_av_section  el_before_av_section  avia-bg-style-scroll container_wrap fullsize'  ><div class='container av-section-cont-open' ><div class='template-page content  av-content-full alpha units'><div class='post-entry post-entry-type-page post-entry-41720'><div class='entry-content-wrapper clearfix'>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" 
id=\"style-css-av-3j2srh-dfb5dcc512a05fa48ebb889a16739818\">\n#top .av-special-heading.av-3j2srh-dfb5dcc512a05fa48ebb889a16739818{\npadding-bottom:30px;\ncolor:#172542;\nfont-size:30px;\n}\nbody .av-special-heading.av-3j2srh-dfb5dcc512a05fa48ebb889a16739818 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n#top #wrap_all .av-special-heading.av-3j2srh-dfb5dcc512a05fa48ebb889a16739818 .av-special-heading-tag{\nfont-size:30px;\n}\n.av-special-heading.av-3j2srh-dfb5dcc512a05fa48ebb889a16739818 .special-heading-inner-border{\nborder-color:#172542;\n}\n.av-special-heading.av-3j2srh-dfb5dcc512a05fa48ebb889a16739818 .av-subheading{\nfont-size:18px;\ncolor:#ec6707;\n}\n\n@media only screen and (min-width: 480px) and (max-width: 767px){ \n#top #wrap_all .av-special-heading.av-3j2srh-dfb5dcc512a05fa48ebb889a16739818 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n\n@media only screen and (max-width: 479px){ \n#top #wrap_all .av-special-heading.av-3j2srh-dfb5dcc512a05fa48ebb889a16739818 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n<\/style>\n<div  class='av-special-heading av-3j2srh-dfb5dcc512a05fa48ebb889a16739818 av-special-heading-h2 custom-color-heading blockquote modern-quote  avia-builder-el-8  el_before_av_textblock  avia-builder-el-first  av-inherit-size'><h2 class='av-special-heading-tag '  itemprop=\"headline\"  >MARCH 2025<\/h2><div class='av_custom_color av-subheading av-subheading_below'><p>CVE XXX WSA-202503-1 AD Discovery: the credentials of the service account configured in the external authentication used to retrieve data from AD, and the retrieved data, are sent in cleartext.<\/p>\n<\/div><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\n<section  class='av_textblock_section av-2sf0al-810e05971651590eb81e3c11725c9a66 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/CreativeWork\" ><div class='avia_textblock' 
 itemprop=\"text\" ><div id=\"UniqueMessageBody\" class=\"XbIp4 jmmB7 GNqVo allowTextSelection OuGoX\" tabindex=\"-1\" role=\"document\" aria-label=\"Corps du message\">\n<div>\n<div>\n<div dir=\"ltr\">\n<div lang=\"fr\">\n<div>\n<div class=\"R1UVb\">\n<p><strong>CVE XXX WSA-202503-1 AD Discovery:<\/strong> the credentials of the service account configured in the external authentication used to retrieve data from AD, and the retrieved data, are sent in cleartext.<\/p>\n<p>A significant vulnerability has been discovered (rated: CVSS 8.9).<\/p>\n<p><strong>Affected products<\/strong><\/p>\n<p><strong>&#8211; WALLIX Bastion from version 10.0.0 to version 10.0.10 inclusive<\/strong><\/p>\n<p><strong>&#8211; WALLIX Bastion from version 12.0.0 to version 12.0.8 inclusive<\/strong><\/p>\n<p><strong>&#8211; All versions not covered by technical support are potentially affected<\/strong><\/p>\n<p><strong>Summary<\/strong><\/p>\n<p><strong>&#8211; Product:<\/strong> WALLIX Bastion &#8211; Discovery module<\/p>\n<p><strong>&#8211; Feature:<\/strong> Asset discovery using an encrypted connection authenticated via GSS-API\/STARTTLS to an Active Directory.<\/p>\n<p><strong>&#8211; Vulnerability details:<\/strong> During a scan, WALLIX Bastion sends information about devices and their accounts with an Active Directory using GSS-API or STARTTLS. 
Other features that rely on the Active Directory integration are not affected.<\/p>\n<p><strong>&#8211; Impact:<\/strong> The service account credentials may leak, and the sensitive data retrieved from the configured Active Directory is not encrypted.<\/p>\n<p><strong>&#8211; Fixed software<\/strong><\/p>\n<p style=\"padding-left: 40px;\">&#8211; WALLIX Bastion 12.0.9, available 2025\/03\/26<\/p>\n<p style=\"padding-left: 40px;\">&#8211; WALLIX Bastion 10 patch, available 2025\/03\/28<\/p>\n<p>The following WALLIX security bulletin provides information about the vulnerability, recommendations and workarounds: WSA-202503-1 https:\/\/support.wallix.com\/hc\/en-us\/articles\/25925255587613-WSA-202503-1<\/p>\n<p><strong>CVE XXX WSA-202503-2 WIN RM<\/strong><\/p>\n<p>AD Discovery: the credentials of the service account configured during a scan and used to retrieve data from AD, and the retrieved data, are sent in cleartext.<\/p>\n<p>A significant vulnerability has been discovered (rated: CVSS 8.9).<\/p>\n<p><strong>Affected products<\/strong><\/p>\n<p>&#8211; WALLIX Bastion from version 10.0.0 to version 10.0.10 inclusive<\/p>\n<p>&#8211; WALLIX Bastion from version 12.0.0 to version 12.0.8 inclusive<\/p>\n<p>&#8211; All versions not covered by technical support are potentially affected<\/p>\n<p><strong>Summary<\/strong><\/p>\n<p><strong>&#8211; Product:<\/strong> WALLIX Bastion &#8211; Discovery module<\/p>\n<p><strong>&#8211; Feature:<\/strong> Asset discovery with account discovery enabled<\/p>\n<p><strong>&#8211; Vulnerability 
details:<\/strong> During a scan, WALLIX Bastion sends information about devices and their accounts with an Active Directory. Other features that rely on the Active Directory integration are not affected.<\/p>\n<p><strong>&#8211; Impact:<\/strong> The service account credentials may leak.<\/p>\n<p><strong>&#8211; Fixed software<\/strong><\/p>\n<p style=\"padding-left: 40px;\">&#8211; WALLIX Bastion 12.0.9, available 2025\/03\/26<\/p>\n<p style=\"padding-left: 40px;\">&#8211; WALLIX Bastion 10 patch, available 2025\/03\/28<\/p>\n<p>The following WALLIX security bulletin provides information about the vulnerability, recommendations and workarounds:<\/p>\n<p>WSA-202503-2 https:\/\/support.wallix.com\/hc\/en-us\/articles\/25925620269213-WSA-202503-2<\/p>\n<p><strong>Exploitation and public announcements<\/strong><\/p>\n<p>WALLIX is not aware of any public announcements or malicious use of the vulnerability described in this advisory. 
However, it is recommended to look for any abnormal activity on WALLIX Bastion and the associated Active Directories.<\/p>\n<p>For any questions or further information, please contact the support team at https:\/\/support.wallix.com.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n<\/div><\/div><\/div><!-- close content main div --><\/div><\/div>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-5g2aml-3d738db15a97eb851f16938c4b25f6d3\">\n.avia-section.av-5g2aml-3d738db15a97eb851f16938c4b25f6d3{\nbackground-color:#e5e5e5;\nbackground-image:unset;\n}\n<\/style>\n<div id='av_section_4'  class='avia-section av-5g2aml-3d738db15a97eb851f16938c4b25f6d3 main_color avia-section-default avia-no-border-styling  avia-builder-el-10  el_after_av_section  el_before_av_section  avia-bg-style-scroll container_wrap fullsize'  ><div class='container av-section-cont-open' ><div class='template-page content  av-content-full alpha units'><div class='post-entry post-entry-type-page post-entry-41720'><div class='entry-content-wrapper clearfix'>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-485sh9-55fc4ef7b5e90468f4d4e94c77efb961\">\n#top .av-special-heading.av-485sh9-55fc4ef7b5e90468f4d4e94c77efb961{\npadding-bottom:30px;\ncolor:#172542;\nfont-size:30px;\n}\nbody .av-special-heading.av-485sh9-55fc4ef7b5e90468f4d4e94c77efb961 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n#top #wrap_all .av-special-heading.av-485sh9-55fc4ef7b5e90468f4d4e94c77efb961 .av-special-heading-tag{\nfont-size:30px;\n}\n.av-special-heading.av-485sh9-55fc4ef7b5e90468f4d4e94c77efb961 .special-heading-inner-border{\nborder-color:#172542;\n}\n.av-special-heading.av-485sh9-55fc4ef7b5e90468f4d4e94c77efb961 .av-subheading{\nfont-size:18px;\ncolor:#ec6707;\n}\n\n@media only screen and (min-width: 480px) and (max-width: 
767px){ \n#top #wrap_all .av-special-heading.av-485sh9-55fc4ef7b5e90468f4d4e94c77efb961 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n\n@media only screen and (max-width: 479px){ \n#top #wrap_all .av-special-heading.av-485sh9-55fc4ef7b5e90468f4d4e94c77efb961 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n<\/style>\n<div  class='av-special-heading av-485sh9-55fc4ef7b5e90468f4d4e94c77efb961 av-special-heading-h2 custom-color-heading blockquote modern-quote  avia-builder-el-11  el_before_av_textblock  avia-builder-el-first  av-inherit-size'><h2 class='av-special-heading-tag '  itemprop=\"headline\"  >NOVEMBER 2024<\/h2><div class='av_custom_color av-subheading av-subheading_below'><p>CVE-2024-XXXXX &#8211; Disabled\/expired user account bypass<\/p>\n<\/div><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\n<section  class='av_textblock_section av-2b280d-ac350d0b5bbc4d67702826a4109c2c73 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/CreativeWork\" ><div class='avia_textblock'  itemprop=\"text\" ><div id=\"UniqueMessageBody\" class=\"XbIp4 jmmB7 GNqVo allowTextSelection OuGoX\" tabindex=\"-1\" role=\"document\" aria-label=\"Corps du message\">\n<div>\n<div>\n<div dir=\"ltr\">\n<div lang=\"fr\">\n<div>\n<div class=\"R1UVb\">\n<div class=\"qF8_5\">\n<div data-olk-copy-source=\"MessageBody\">\n<p>A CRITICAL vulnerability (rated 9.1: CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:C\/C:H\/I:L\/A:L) has been discovered in <b>WALLIX Bastion<\/b> and <b>WALLIX Access Manager<\/b>.<\/p>\n<p>A CVE number has been requested, and we are currently awaiting its assignment.<\/p>\n<\/div>\n<h3><b>Summary<\/b><\/h3>\n<div><\/div>\n<div><\/div>\n<div class=\"R1UVb\"><\/div>\n<div class=\"R1UVb\">\n<table id=\"x_x_table_0\" data-editing-info=\"{\" data-layout=\"default\" data-table-width=\"1606\" data-number-column=\"false\" 
data-testid=\"renderer-table\">\n<tbody>\n<tr>\n<td>\n<div><b>Product<\/b><\/div>\n<\/td>\n<td>\n<div><b>Feature<\/b><\/div>\n<\/td>\n<td>\n<div><b>Vulnerability details<\/b><\/div>\n<\/td>\n<td>\n<div><b>Impact<\/b><\/div>\n<\/td>\n<td>\n<div><b>How do I check whether I am using this feature?<\/b><\/div>\n<\/td>\n<\/tr>\n<tr>\n<td data-colwidth=\"205\">\n<div>WALLIX Bastion<\/div>\n<\/td>\n<td data-colwidth=\"289\">\n<div>User authentication using an SSH key stored in LDAP or Active Directory<\/div>\n<\/td>\n<td data-colwidth=\"341\">\n<div><b>WALLIX Bastion<\/b> does not check the Expired or Disabled flags.<\/div>\n<\/td>\n<td data-colwidth=\"363\">\n<div>The user can authenticate to WALLIX Bastion and access their SSH targets.<\/div>\n<\/td>\n<td data-colwidth=\"404\">\n<div>In <i>Configuration &gt; Authentication domains &gt; Active Directory <\/i>or<i> LDAP<\/i>, the <i>SSH public key attribute <\/i>is set.<\/div>\n<\/td>\n<\/tr>\n<tr>\n<td data-colwidth=\"205\">\n<div>WALLIX Bastion<\/div>\n<\/td>\n<td data-colwidth=\"289\">\n<div>User authentication using an X.509 certificate stored in LDAP or Active Directory<\/div>\n<\/td>\n<td data-colwidth=\"341\">\n<div><b>WALLIX Bastion<\/b> does not check the Expired or Disabled flags.<\/div>\n<\/td>\n<td data-colwidth=\"363\">\n<div>The user can authenticate to the WALLIX Bastion GUI and access their targets.<\/div>\n<\/td>\n<td data-colwidth=\"404\">\n<div>Both conditions below are met:<\/div>\n<ul data-indent-level=\"1\">\n<li>\n<div>In <i>Configuration &gt; Configuration options<\/i> &gt; X.509 configuration, the <i>Enable X.509 authentication<\/i> box is 
checked.<\/div>\n<\/li>\n<li>\n<div>In <i>Configuration &gt; Authentication domains &gt; Active Directory <\/i>or<i> LDAP<\/i>, the <i>Enable X509 authentication <\/i>box is checked.<\/div>\n<\/li>\n<\/ul>\n<\/td>\n<\/tr>\n<tr>\n<td data-colwidth=\"205\">\n<div>WALLIX Access Manager<\/div>\n<\/td>\n<td data-colwidth=\"289\">\n<div>User authentication using an X.509 certificate stored in Active Directory<\/div>\n<\/td>\n<td data-colwidth=\"341\">\n<div><b>WALLIX Access Manager <\/b>does not check the Expired flags.<\/div>\n<\/td>\n<td data-colwidth=\"363\">\n<div>The user may be able to authenticate to the WALLIX Access Manager GUI and access their targets.<\/div>\n<\/td>\n<td data-colwidth=\"404\">\n<div>In the global organization, <i>Configuration <\/i>&gt; <i>Domains <\/i>&gt; Select an LDAP domain, <i>Allow X509 Cert. 
Authentication<\/i> is checked<\/div>\n<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<\/div>\n<div>Note: WALLIX Access Manager does not support user authentication with an X.509 certificate stored in LDAP.<\/div>\n<div>Note: WALLIX Access Manager does not allow user authentication with an SSH key.<\/div>\n<div>Note: The user&rsquo;s credentials (SSH private key or X.509 private key associated with the certificate) must be valid.<\/div>\n<div>WALLIX recommends applying the released fixes immediately or, until they are applied, the workarounds described below.<\/div>\n<div><\/div>\n<div><\/div>\n<h3><b>Affected products<\/b><\/h3>\n<div><\/div>\n<\/div>\n<div><\/div>\n<div class=\"qF8_5\">\n<div><b>Bastion:<\/b><\/div>\n<ul data-indent-level=\"1\">\n<li>\n<div>All WALLIX Bastion 12.0 versions up to and including 12.0.3<\/div>\n<\/li>\n<li>\n<div>All WALLIX Bastion 11.0<\/div>\n<\/li>\n<li>\n<div>All WALLIX Bastion 10.1, 10.2, 10.3, 10.4<\/div>\n<\/li>\n<li>\n<div>All WALLIX Bastion 10.0 up to and including 10.0.9<\/div>\n<\/li>\n<li>\n<div>All WALLIX Bastion 9.0, 9.1<\/div>\n<\/li>\n<li>\n<div>All earlier WALLIX Bastion versions may be affected.<\/div>\n<\/li>\n<\/ul>\n<div><b>Access Manager:<\/b><\/div>\n<ul data-indent-level=\"1\">\n<li>\n<div>WALLIX Access Manager 5.1.0<\/div>\n<\/li>\n<li>\n<div>All WALLIX Access Manager 5.0 versions<\/div>\n<\/li>\n<li>\n<div>All WALLIX Access Manager 4.4 versions<\/div>\n<\/li>\n<li>\n<div>All WALLIX Access Manager 4.0 versions up to and including 4.0.7<\/div>\n<\/li>\n<li>\n<div>All earlier versions of WALLIX Access Manager may be 
affected.<\/div>\n<\/li>\n<\/ul>\n<h3><b>Indicator of compromise<\/b><\/h3>\n<div><\/div>\n<div><\/div>\n<div>Check the authentication log on WALLIX Bastion and WALLIX Access Manager to make sure that no disabled or expired account has been used.<\/div>\n<div><\/div>\n<div><\/div>\n<h3><b>Workarounds<\/b><\/h3>\n<div><\/div>\n<div><\/div>\n<div><\/div>\n<div><b>Expired and disabled account:<\/b><\/div>\n<div><\/div>\n<div>For WALLIX Bastion and WALLIX Access Manager, remove the SSH key or the certificate hash stored in the Active Directory or LDAP user account.<\/div>\n<div>The X.509 certificate can also be revoked if CRLs are correctly configured in WALLIX Bastion and WALLIX Access Manager.<\/div>\n<div><\/div>\n<div><\/div>\n<div><\/div>\n<div><b>Disabled account only:<\/b><\/div>\n<div><\/div>\n<div><\/div>\n<div>If you cannot remove the SSH keys or the X.509 certificate in Active Directory:<\/div>\n<ul data-indent-level=\"1\">\n<li>\n<div>In WALLIX Bastion, go to <i>Configuration &gt; Configuration options<\/i> &gt; <i>Global<\/i> &gt; (Advanced options) &gt; <i>Ldap attributes <\/i>and add:<\/div>\n<ul data-indent-level=\"2\">\n<li>\n<div>&quot;userAccountControl&quot; for Active Directory<\/div>\n<\/li>\n<li>\n<div>&quot;krbPasswordExpiration&quot; for FreeIPA.<\/div>\n<\/li>\n<\/ul>\n<\/li>\n<li>\n<div>WALLIX Access Manager is not affected by this vulnerability.<\/div>\n<\/li>\n<\/ul>\n<div><b>Fixed software<\/b><\/div>\n<ul data-indent-level=\"1\">\n<li>\n<div>WALLIX Bastion 12.0.4, available now <a id=\"OWAf38e9035-f28e-6392-94ca-dc8b77767dfe\" class=\"x_x_OWAAutoLink\" title=\"https:\/\/updates.wallix.com\/bastion\/bastion-12.0.4.iso\" 
href=\"https:\/\/updates.wallix.com\/bastion\/bastion-12.0.4.iso\" target=\"_blank\" rel=\"noopener noreferrer\" data-auth=\"NotApplicable\" data-linkindex=\"1\">https:\/\/updates.wallix.com\/bastion\/bastion-12.0.4.iso<\/a><\/div>\n<\/li>\n<li>\n<div>WALLIX Access Manager 5.1.1, disponible d\u00e8s maintenant <a id=\"OWA5c28dc80-7042-7f11-0b68-0827c5070887\" class=\"x_x_OWAAutoLink\" title=\"https:\/\/updates.wallix.com\/accessmanager\/accessmanager-5.1.1.1.iso\" href=\"https:\/\/updates.wallix.com\/accessmanager\/accessmanager-5.1.1.1.iso\" target=\"_blank\" rel=\"noopener noreferrer\" data-auth=\"NotApplicable\" data-linkindex=\"2\">https:\/\/updates.wallix.com\/accessmanager\/accessmanager-5.1.1.1.iso<\/a><\/div>\n<\/li>\n<li>\n<div>WALLIX Bastion 10.0.10, disponible le 22 novembre<\/div>\n<\/li>\n<li>\n<div>WALLIX Access Manager 4.0.8, disponible le 22 novembre<\/div>\n<\/li>\n<\/ul>\n<div><b>Exploitation et annonces publiques<\/b><\/div>\n<div><\/div>\n<div>WALLIX n&rsquo;a pas connaissance d&rsquo;annonces publiques ou d&rsquo;utilisations malveillantes de la vuln\u00e9rabilit\u00e9 d\u00e9crite dans cet avis.<\/div>\n<div>Toutefois, il est recommand\u00e9 de rechercher toute activit\u00e9 anormale sur les bastions WALLIX.<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n<\/div><\/div><\/div><!-- close content main div --><\/div><\/div>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-5ukex9-47e866328aa8315515063a863ded2438\">\n.avia-section.av-5ukex9-47e866328aa8315515063a863ded2438{\nbackground-color:#ffffff;\nbackground-image:unset;\n}\n<\/style>\n<div id='av_section_5'  class='avia-section av-5ukex9-47e866328aa8315515063a863ded2438 main_color avia-section-default avia-no-border-styling  avia-builder-el-13  el_after_av_section  el_before_av_section  avia-bg-style-scroll container_wrap fullsize'  ><div class='container av-section-cont-open' ><div class='template-page 
content  av-content-full alpha units'><div class='post-entry post-entry-type-page post-entry-41720'><div class='entry-content-wrapper clearfix'>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-42mo9p-576789105c882c134ab64519da2f42ad\">\n#top .av-special-heading.av-42mo9p-576789105c882c134ab64519da2f42ad{\npadding-bottom:30px;\ncolor:#172542;\nfont-size:30px;\n}\nbody .av-special-heading.av-42mo9p-576789105c882c134ab64519da2f42ad .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n#top #wrap_all .av-special-heading.av-42mo9p-576789105c882c134ab64519da2f42ad .av-special-heading-tag{\nfont-size:30px;\n}\n.av-special-heading.av-42mo9p-576789105c882c134ab64519da2f42ad .special-heading-inner-border{\nborder-color:#172542;\n}\n.av-special-heading.av-42mo9p-576789105c882c134ab64519da2f42ad .av-subheading{\nfont-size:18px;\ncolor:#ec6707;\n}\n\n@media only screen and (min-width: 480px) and (max-width: 767px){ \n#top #wrap_all .av-special-heading.av-42mo9p-576789105c882c134ab64519da2f42ad .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n\n@media only screen and (max-width: 479px){ \n#top #wrap_all .av-special-heading.av-42mo9p-576789105c882c134ab64519da2f42ad .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n<\/style>\n<div  class='av-special-heading av-42mo9p-576789105c882c134ab64519da2f42ad av-special-heading-h2 custom-color-heading blockquote modern-quote  avia-builder-el-14  el_before_av_textblock  avia-builder-el-first  av-inherit-size'><h2 class='av-special-heading-tag '  itemprop=\"headline\"  >DECEMBER 2023 <\/h2><div class='av_custom_color av-subheading av-subheading_below'><p>Potential disclosure of sensitive information CVE-2023-49961<\/p>\n<\/div><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\n<section  class='av_textblock_section av-2xq70d-e5e3fcb56d69531a18fbb3b1f73e2a14 '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/CreativeWork\"
><div class='avia_textblock'  itemprop=\"text\" ><div id=\"UniqueMessageBody\" class=\"XbIp4 jmmB7 GNqVo allowTextSelection OuGoX\" tabindex=\"-1\" role=\"document\" aria-label=\"Corps du message\">\n<div>\n<div>\n<div dir=\"ltr\">\n<div lang=\"fr\">\n<div>\n<div class=\"R1UVb\">\n<div class=\"qF8_5\">\n<p><b>SUMMARY<\/b><\/p>\n<p>A vulnerability has been discovered in WALLIX products that could allow an attacker to access sensitive information. The attacker could use this vulnerability to obtain illegitimate access.<\/p>\n<p>WALLIX recommends applying the published fixes immediately or, until they are applied, the workaround described below.<\/p>\n<p><b>Affected products<\/b><\/p>\n<p>All supported versions of WALLIX Bastion and Access Manager as an appliance.<\/p>\n<p><b>Workarounds<\/b><\/p>\n<p>The following article in our knowledge base provides the mitigation procedure.<\/p>\n<ul data-editing-info=\"{\">\n<li>Access Manager As Appliance: <u><a id=\"OWA73b126b4-6a6d-3e56-7e5b-bd226ab9f1d8\" href=\"https:\/\/wallix.lightning.force.com\/lightning\/r\/Knowledge__kav\/ka0Sb00000005irIAA\/view\" target=\"_blank\" rel=\"noopener noreferrer\" data-linkindex=\"0\" data-loopstyle=\"linkonly\" data-auth=\"NotApplicable\">https:\/\/wallix.lightning.force.com\/lightning\/r\/Knowledge__kav\/ka0Sb00000007O5IAI\/view<\/a><\/u><\/li>\n<li>Bastion: <u><a id=\"OWAa7bf852c-e5e0-52a8-b2d6-fa9f431562ba\" href=\"https:\/\/wallix.lightning.force.com\/lightning\/r\/Knowledge__kav\/ka0Sb00000005irIAA\/view\" target=\"_blank\" rel=\"noopener noreferrer\" data-linkindex=\"1\" data-loopstyle=\"linkonly\"
data-auth=\"NotApplicable\">https:\/\/wallix.lightning.force.com\/lightning\/r\/Knowledge__kav\/ka0Sb00000005irIAA\/view<\/a><\/u><\/li>\n<\/ul>\n<p><b>Fixed software<\/b><\/p>\n<p>Hotfix versions and patches are available on our download portal:<\/p>\n<ul data-editing-info=\"{\">\n<li>\n<div>Bastion 9.0.9: <a id=\"OWA85b95332-fe66-5f8f-4fbf-771dcaa28813\" href=\"https:\/\/cloud.wallix.com\/index.php\/s\/DBkJWdtsPjW7BSn\" target=\"_blank\" rel=\"noopener noreferrer\" data-linkindex=\"2\" data-loopstyle=\"linkonly\" data-auth=\"NotApplicable\">https:\/\/cloud.wallix.com\/index.php\/s\/DBkJWdtsPjW7BSn<\/a> (SHA256: dc5e3fda310a94cd54835800718cc1ec02084a126f79c82dde465eff40d698a4)<\/div>\n<\/li>\n<li>\n<div>Bastion 10.0.5: <a id=\"OWAa1dfb947-0c43-31d0-d4fa-915b2f9d774b\" href=\"https:\/\/cloud.wallix.com\/index.php\/s\/PYjdncJSTaEBRSg\" target=\"_blank\" rel=\"noopener noreferrer\" data-linkindex=\"3\" data-loopstyle=\"linkonly\" data-auth=\"NotApplicable\">https:\/\/cloud.wallix.com\/index.php\/s\/PYjdncJSTaEBRSg<\/a> (SHA256: 65cdc9b49dfa2160a4a8489fd1c61cad1a48444dbb86cb4a9ac0f4ff527d1197)<\/div>\n<\/li>\n<\/ul>\n<div><\/div>\n<p><b>Exploitation and public announcements<\/b><\/p>\n<p>WALLIX is not aware of any public announcements or malicious use of the vulnerability described in this advisory.<\/p>\n<p>However, it is recommended to look for any abnormal activity on WALLIX Bastions and WALLIX Access Manager.
It is also recommended to make sure that the firewalls of the Bastions and of Access Manager are enabled.<\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n<\/div><\/div><\/div><!-- close content main div --><\/div><\/div>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lyzpdp0i-17b106f359a0a6d9e56ceebb78ad7e69\">\n.avia-section.av-lyzpdp0i-17b106f359a0a6d9e56ceebb78ad7e69{\nbackground-color:#e5e5e5;\nbackground-image:unset;\n}\n<\/style>\n<div id='av_section_6'  class='avia-section av-lyzpdp0i-17b106f359a0a6d9e56ceebb78ad7e69 main_color avia-section-default avia-no-border-styling  avia-builder-el-16  el_after_av_section  el_before_av_section  avia-bg-style-scroll container_wrap fullsize'  ><div class='container av-section-cont-open' ><div class='template-page content  av-content-full alpha units'><div class='post-entry post-entry-type-page post-entry-41720'><div class='entry-content-wrapper clearfix'>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-49tsz1-03db9d6b47102c101f6ab25c6e76040c\">\n#top .av-special-heading.av-49tsz1-03db9d6b47102c101f6ab25c6e76040c{\npadding-bottom:30px;\ncolor:#172542;\nfont-size:30px;\n}\nbody .av-special-heading.av-49tsz1-03db9d6b47102c101f6ab25c6e76040c .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n#top #wrap_all .av-special-heading.av-49tsz1-03db9d6b47102c101f6ab25c6e76040c .av-special-heading-tag{\nfont-size:30px;\n}\n.av-special-heading.av-49tsz1-03db9d6b47102c101f6ab25c6e76040c .special-heading-inner-border{\nborder-color:#172542;\n}\n.av-special-heading.av-49tsz1-03db9d6b47102c101f6ab25c6e76040c .av-subheading{\nfont-size:18px;\ncolor:#ec6707;\n}\n\n@media only screen and (min-width: 480px) and (max-width: 767px){ \n#top #wrap_all .av-special-heading.av-49tsz1-03db9d6b47102c101f6ab25c6e76040c .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n\n@media only
screen and (max-width: 479px){ \n#top #wrap_all .av-special-heading.av-49tsz1-03db9d6b47102c101f6ab25c6e76040c .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n<\/style>\n<div  class='av-special-heading av-49tsz1-03db9d6b47102c101f6ab25c6e76040c av-special-heading-h2 custom-color-heading blockquote modern-quote  avia-builder-el-17  el_before_av_textblock  avia-builder-el-first  av-inherit-size'><h2 class='av-special-heading-tag '  itemprop=\"headline\"  >FEBRUARY 2023 <\/h2><div class='av_custom_color av-subheading av-subheading_below'><p>Access Manager privilege escalation CVE-2023-23592<\/p>\n<\/div><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\n<section  class='av_textblock_section av-247y9p-abbdfa1fb1e9663efb6218344347f6fd '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/CreativeWork\" ><div class='avia_textblock'  itemprop=\"text\" ><div id=\"UniqueMessageBody\" class=\"XbIp4 jmmB7 GNqVo allowTextSelection OuGoX\" tabindex=\"-1\" role=\"document\" aria-label=\"Corps du message\">\n<div>\n<div>\n<div dir=\"ltr\">\n<div lang=\"fr\">\n<div>\n<p><b><span lang=\"en-US\">February 2023<\/span><\/b><\/p>\n<p><b><br \/>\n<span lang=\"en-US\">Access Manager privilege escalation <\/span><br \/>\n<\/b><span lang=\"en-US\">CVE-2023-23592<\/span><\/p>\n<p><b><span lang=\"en-US\">SUMMARY<\/span><\/b><\/p>\n<p><span lang=\"en-US\">A vulnerability has been discovered in the WALLIX Access Manager product that may allow an attacker to access sensitive information. The attacker could use this vulnerability to obtain<\/span> <span lang=\"en-US\">illegitimate access.
<\/span><\/p>\n<p><span lang=\"en-US\">WALLIX recommends applying the published fixes immediately or, until they are applied, the workaround described below.<\/span><\/p>\n<p><b><span lang=\"en-US\">Affected products<\/span><\/b><\/p>\n<p><span lang=\"en-US\">All versions of WALLIX Access Manager<\/span><span lang=\"en-US\">.<\/span><\/p>\n<p><b><span lang=\"en-US\">Workarounds<\/span><\/b><\/p>\n<p>The following article in our knowledge base provides the workaround procedure.<\/p>\n<p><a href=\"https:\/\/support.wallix.com\/s\/article\/How-can-I-mitigate-CVE-2023-23592\" target=\"_blank\" rel=\"noopener noreferrer\" data-auth=\"NotApplicable\" data-linkindex=\"0\">https:\/\/support.wallix.com\/s\/article\/How-can-I-mitigate-CVE-2023-23592<\/a><\/p>\n<p><b><span lang=\"en-US\">Fixed software<\/span><\/b><\/p>\n<p><span lang=\"en-US\">Hotfix versions are available on our download portal:<\/span><\/p>\n<p>&#8211; <a href=\"https:\/\/updates.wallix.com\/endpoint\/login?ReturnTo=https%3A%2F%2Fupdates.wallix.com%2Faccessmanager%2Faccessmanager-3.0.16.0.iso&amp;IdP=https%3A%2F%2Fsupport.wallix.com\" target=\"_blank\" rel=\"noopener noreferrer\" data-auth=\"NotApplicable\" data-linkindex=\"1\"><br \/>\n<span lang=\"en-US\">Version 3.0.16<\/span><br \/>\n<\/a><\/p>\n<p>&#8211; <a href=\"https:\/\/updates.wallix.com\/endpoint\/login?ReturnTo=https%3A%2F%2Fupdates.wallix.com%2Faccessmanager%2Faccessmanager-4.0.3.2.iso&amp;IdP=https%3A%2F%2Fsupport.wallix.com\" target=\"_blank\" rel=\"noopener noreferrer\" data-auth=\"NotApplicable\" data-linkindex=\"2\"><br \/>\n<span lang=\"en-US\">Version 4.0.3<\/span><br \/>\n<\/a><\/p>\n<p><b><span lang=\"en-US\">Exploitation and public announcements<\/span><\/b><\/p>\n<p><span lang=\"en-US\">WALLIX is not aware of any public announcements or malicious use of the
vulnerability described in this advisory. However, it is recommended to look for any abnormal activity on the WALLIX Bastions that are connected to WALLIX Access Manager. In particular, it is recommended to look for unusual IP addresses used by privileged users and likely to be used by several user accounts.<\/span><\/p>\n<p><b><span lang=\"en-US\">Source<\/span><\/b><\/p>\n<p><span lang=\"en-US\">Internal security controls<\/span><\/p>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div>\n<\/div><\/section>\n\n<\/div><\/div><\/div><!-- close content main div --><\/div><\/div><div id='av_section_7'  class='avia-section av-29k7kd-e04265b670bddc0f466d80c0b864b53f main_color avia-section-default avia-no-border-styling  avia-builder-el-19  el_after_av_section  el_before_av_section  avia-bg-style-scroll container_wrap fullsize'  ><div class='container av-section-cont-open' ><div class='template-page content  av-content-full alpha units'><div class='post-entry post-entry-type-page post-entry-41720'><div class='entry-content-wrapper clearfix'>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-4ioy65-3123250f00ba69c5490579d00a03381c\">\n#top .av-special-heading.av-4ioy65-3123250f00ba69c5490579d00a03381c{\npadding-bottom:30px;\ncolor:#172542;\nfont-size:30px;\n}\nbody .av-special-heading.av-4ioy65-3123250f00ba69c5490579d00a03381c .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n#top #wrap_all .av-special-heading.av-4ioy65-3123250f00ba69c5490579d00a03381c .av-special-heading-tag{\nfont-size:30px;\n}\n.av-special-heading.av-4ioy65-3123250f00ba69c5490579d00a03381c .special-heading-inner-border{\nborder-color:#172542;\n}\n.av-special-heading.av-4ioy65-3123250f00ba69c5490579d00a03381c .av-subheading{\nfont-size:18px;\ncolor:#ec6707;\n}\n\n@media only screen and (min-width: 480px) and
(max-width: 767px){ \n#top #wrap_all .av-special-heading.av-4ioy65-3123250f00ba69c5490579d00a03381c .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n\n@media only screen and (max-width: 479px){ \n#top #wrap_all .av-special-heading.av-4ioy65-3123250f00ba69c5490579d00a03381c .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n<\/style>\n<div  class='av-special-heading av-4ioy65-3123250f00ba69c5490579d00a03381c av-special-heading-h2 custom-color-heading blockquote modern-quote  avia-builder-el-20  el_before_av_textblock  avia-builder-el-first  av-inherit-size'><h2 class='av-special-heading-tag '  itemprop=\"headline\"  >DECEMBER 2021<\/h2><div class='av_custom_color av-subheading av-subheading_below'><p>Remote code execution vulnerability in Log4J (CVE-2021-44228)<\/p>\n<\/div><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\n<section  class='av_textblock_section av-2zscrh-0a2cb36181c2906b0431e672434bd74f '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/CreativeWork\" ><div class='avia_textblock'  itemprop=\"text\" ><p><strong>SUMMARY<\/strong><\/p>\n<p>On 9 December 2021, the Alibaba Cloud security team published a vulnerability in log4j, a common Java logging library.
(CVE-2021-44228) This vulnerability allows unauthenticated remote code execution on Java applications.<\/p>\n<p><strong>Affected products<\/strong><\/p>\n<p>All versions of WALLIX Access Manager<\/p>\n<p><strong>Workarounds<\/strong><\/p>\n<p>The default configuration of WALLIX Access Manager prevents exploitation of this vulnerability on the login field.<\/p>\n<p>However, to rule out any possibility of exploitation if the default configuration of WALLIX Access Manager has been modified, the WALLIX team provides a patch that disables the faulty class of the log4j library.<\/p>\n<p>This patch applies to all Access Manager versions from version 2.0 onwards.<\/p>\n<p>The following article in our knowledge base provides access to the patch and the procedure for installing it.<\/p>\n<p><a href=\"https:\/\/support.wallix.com\/s\/article\/CVE-2021-44228-Mitigation-procedure\">https:\/\/support.wallix.com\/s\/article\/CVE-2021-44228-Mitigation-procedure<\/a><\/p>\n<p><strong>Fixed software<\/strong><\/p>\n<p>An update of the Log4J version is planned together with Access Manager version 3.0.11.<\/p>\n<p>This version is scheduled for release at the end of December 2021.<\/p>\n<p><strong>Exploitation and public announcements<\/strong><\/p>\n<p>WALLIX is not aware of any public announcements or malicious use of the vulnerability described in this advisory. However, it is recommended to look for any abnormal activity on the WALLIX Bastions that are connected to WALLIX Access Manager.
In particular, it is recommended to look for the creation of new users or new authorizations, especially since the publication of the CVE.<\/p>\n<p><strong>Source<\/strong><\/p>\n<p>On 9 December 2021, the Alibaba Cloud security team published a vulnerability in log4j, a common Java logging library. (CVE-2021-44228)<\/p>\n<\/div><\/section>\n\n<\/div><\/div><\/div><!-- close content main div --><\/div><\/div>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lpmr1ai0-b6ec89c5c2384aac021f6ef550a9b8e8\">\n.avia-section.av-lpmr1ai0-b6ec89c5c2384aac021f6ef550a9b8e8{\nbackground-color:#e8e8e8;\nbackground-image:unset;\n}\n<\/style>\n<div id='av_section_8'  class='avia-section av-lpmr1ai0-b6ec89c5c2384aac021f6ef550a9b8e8 main_color avia-section-default avia-no-border-styling  avia-builder-el-22  el_after_av_section  el_before_av_section  avia-bg-style-scroll container_wrap fullsize'  ><div class='container av-section-cont-open' ><div class='template-page content  av-content-full alpha units'><div class='post-entry post-entry-type-page post-entry-41720'><div class='entry-content-wrapper clearfix'>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-9lz3x-48c98376fc5b76b5568c985117bd248f\">\n#top .av-special-heading.av-9lz3x-48c98376fc5b76b5568c985117bd248f{\npadding-bottom:30px;\ncolor:#172542;\nfont-size:30px;\n}\nbody .av-special-heading.av-9lz3x-48c98376fc5b76b5568c985117bd248f .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n#top #wrap_all .av-special-heading.av-9lz3x-48c98376fc5b76b5568c985117bd248f .av-special-heading-tag{\nfont-size:30px;\n}\n.av-special-heading.av-9lz3x-48c98376fc5b76b5568c985117bd248f .special-heading-inner-border{\nborder-color:#172542;\n}\n.av-special-heading.av-9lz3x-48c98376fc5b76b5568c985117bd248f .av-subheading{\nfont-size:18px;\ncolor:#ec6707;\n}\n\n@media only
screen and (min-width: 480px) and (max-width: 767px){ \n#top #wrap_all .av-special-heading.av-9lz3x-48c98376fc5b76b5568c985117bd248f .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n\n@media only screen and (max-width: 479px){ \n#top #wrap_all .av-special-heading.av-9lz3x-48c98376fc5b76b5568c985117bd248f .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n<\/style>\n<div  class='av-special-heading av-9lz3x-48c98376fc5b76b5568c985117bd248f av-special-heading-h2 custom-color-heading blockquote modern-quote  avia-builder-el-23  el_before_av_textblock  avia-builder-el-first  av-inherit-size'><h2 class='av-special-heading-tag '  itemprop=\"headline\"  >JANUARY 2021 <\/h2><div class='av_custom_color av-subheading av-subheading_below'><p>Sudo privilege escalation affecting WALLIX products &#8211; CVE-2021-3156<\/p>\n<\/div><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\n<section  class='av_textblock_section av-lmrwq1h4-e30c9b734003b6ed2e3f4144838826ff '   itemscope=\"itemscope\" itemtype=\"https:\/\/schema.org\/CreativeWork\" ><div class='avia_textblock'  itemprop=\"text\" ><h6><span style=\"color: #f4813a;\">SUMMARY<\/span><\/h6>\n<p>The Qualys research team discovered a heap overflow vulnerability in sudo (CVE-2021-3156). By exploiting this vulnerability, an unprivileged local user can gain root privileges on a vulnerable host that uses a default sudo configuration.<\/p>\n<p>sudo can only be exploited locally. This means that either:<\/p>\n<ul>\n<li>The user is logged in to the WALLIX Bastion, through the wabadmin account, on the administration interface.
This user can then exploit sudo to become root and bypass all the security mechanisms of WALLIX Bastion.<\/li>\n<li>A remote code execution (RCE) vulnerability exists in another WALLIX or third-party software component and provides a local shell. After successfully exploiting that vulnerability, the attacker will be able to exploit sudo to become root. As far as WALLIX knows, an up-to-date Bastion has no such vulnerability.<\/li>\n<\/ul>\n<h6>Affected products<\/h6>\n<ul>\n<li>All versions up to and including WALLIX Bastion 8.0.6<\/li>\n<li>All 8.1 and 8.2 versions<\/li>\n<\/ul>\n<h6>Workarounds<\/h6>\n<p>There is no workaround for this vulnerability.<\/p>\n<h6>Fixed software<\/h6>\n<p>This vulnerability is fixed as of WALLIX Bastion 8.0.7 and 7.0.14.<\/p>\n<ul>\n<li>A patch is available for versions 8.0.6 and earlier (it applies to versions 8.1 and 8.2).<\/li>\n<li>A patch is available for versions 7.0.13 and earlier.<\/li>\n<\/ul>\n<p>These items are available on our download site: <span style=\"color: #f4913a;\"><br \/>\n<a style=\"color: #f4913a;\" href=\"https:\/\/support.wallix.com\/s\/article\/Patch-for-Sudo-vulnerability-CVE-2021-3156\" target=\"_blank\" rel=\"noopener noreferrer\" data-auth=\"NotApplicable\">WALLIX Support: Patches<\/a><br \/>\n<\/span><\/p>\n<h6>Exploitation and public announcements<\/h6>\n<p>WALLIX is not aware of any public announcements or malicious use of the vulnerability described in this advisory.<\/p>\n<h6>Source<\/h6>\n<p>On 26 January 2021, Qualys made this vulnerability public in a security advisory
at the following address: <a href=\"https:\/\/blog.qualys.com\/vulnerabilities-threat-research\/2021\/01\/26\/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit\" target=\"_blank\" rel=\"noopener noreferrer\" data-auth=\"NotApplicable\">https:\/\/blog.qualys.com<\/a><\/p>\n<\/div><\/section>\n\n<\/div><\/div><\/div><!-- close content main div --><\/div><\/div>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-ogks99-ce4f98266b381d0663d4404da1b45671\">\n.avia-section.av-ogks99-ce4f98266b381d0663d4404da1b45671{\nbackground-color:#1e91ad;\nbackground:linear-gradient( to bottom, #1e91ad, #172542 );\n}\n<\/style>\n<div id='av_section_9'  class='avia-section av-ogks99-ce4f98266b381d0663d4404da1b45671 main_color avia-section-large avia-no-border-styling  avia-builder-el-25  el_after_av_section  avia-builder-el-last  avia-bg-style-scroll container_wrap fullsize'  ><div class='container av-section-cont-open' ><div class='template-page content  av-content-full alpha units'><div class='post-entry post-entry-type-page post-entry-41720'><div class='entry-content-wrapper clearfix'>\n\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-lr7zf1-1f7b68e451756b25f3972e19078c44dc\">\n#top .av-special-heading.av-lr7zf1-1f7b68e451756b25f3972e19078c44dc{\npadding-bottom:0;\ncolor:#ffffff;\nfont-size:37px;\n}\nbody .av-special-heading.av-lr7zf1-1f7b68e451756b25f3972e19078c44dc .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n#top #wrap_all .av-special-heading.av-lr7zf1-1f7b68e451756b25f3972e19078c44dc .av-special-heading-tag{\nfont-size:37px;\n}\n.av-special-heading.av-lr7zf1-1f7b68e451756b25f3972e19078c44dc .special-heading-inner-border{\nborder-color:#ffffff;\n}\n.av-special-heading.av-lr7zf1-1f7b68e451756b25f3972e19078c44dc .av-subheading{\nfont-size:26px;\n}\n\n@media only screen and (min-width: 480px) and (max-width: 767px){ \n#top #wrap_all
.av-special-heading.av-lr7zf1-1f7b68e451756b25f3972e19078c44dc .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n\n@media only screen and (max-width: 479px){ \n#top #wrap_all .av-special-heading.av-lr7zf1-1f7b68e451756b25f3972e19078c44dc .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n<\/style>\n<div  class='av-special-heading av-lr7zf1-1f7b68e451756b25f3972e19078c44dc av-special-heading-h3 custom-color-heading blockquote modern-quote modern-centered  avia-builder-el-26  el_before_av_one_fourth  avia-builder-el-first  av-inherit-size'><h3 class='av-special-heading-tag '  itemprop=\"headline\"  >WALLIX SUPPORT <span class='special_amp'>&amp;<\/span> SERVICES<\/h3><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div>\n<div class='flex_column_table av-koqb5p-7b5560d5d94e8a3834f17d963de96b99 sc-av_one_fourth av-equal-height-column-flextable'>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-koqb5p-7b5560d5d94e8a3834f17d963de96b99\">\n.flex_column.av-koqb5p-7b5560d5d94e8a3834f17d963de96b99{\nwidth:23.125%;\nmargin-left:0;\npadding:20px 20px 20px 20px;\n}\n#top .flex_column_table.av-equal-height-column-flextable.av-koqb5p-7b5560d5d94e8a3834f17d963de96b99 .av-flex-placeholder{\nwidth:2.5%;\n}\n<\/style>\n<div  class='flex_column av-koqb5p-7b5560d5d94e8a3834f17d963de96b99 av_one_fourth  avia-builder-el-27  el_after_av_heading  el_before_av_one_fourth  first flex_column_table_cell av-equal-height-column av-align-top av-animated-generic bottom-to-top  '     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-1yiekt-8b9312116e1c0e33a649ab85d86f5ac2\">\n#top .av-special-heading.av-1yiekt-8b9312116e1c0e33a649ab85d86f5ac2{\nmargin:5px 5px 5px 5px;\npadding-bottom:10px;\ncolor:#ffffff;\nfont-size:24px;\n}\nbody .av-special-heading.av-1yiekt-8b9312116e1c0e33a649ab85d86f5ac2 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n#top #wrap_all 
.av-special-heading.av-1yiekt-8b9312116e1c0e33a649ab85d86f5ac2 .av-special-heading-tag{\nfont-size:24px;\n}\n.av-special-heading.av-1yiekt-8b9312116e1c0e33a649ab85d86f5ac2 .special-heading-inner-border{\nborder-color:#ffffff;\n}\n.av-special-heading.av-1yiekt-8b9312116e1c0e33a649ab85d86f5ac2 .av-subheading{\nfont-size:16px;\ncolor:#ec6707;\n}\n\n@media only screen and (min-width: 480px) and (max-width: 767px){ \n#top #wrap_all .av-special-heading.av-1yiekt-8b9312116e1c0e33a649ab85d86f5ac2 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n\n@media only screen and (max-width: 479px){ \n#top #wrap_all .av-special-heading.av-1yiekt-8b9312116e1c0e33a649ab85d86f5ac2 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n<\/style>\n<div  class='av-special-heading av-1yiekt-8b9312116e1c0e33a649ab85d86f5ac2 av-special-heading-h3 custom-color-heading blockquote modern-quote modern-centered  avia-builder-el-28  el_before_av_button  avia-builder-el-first  av-inherit-size'><h3 class='av-special-heading-tag '  itemprop=\"headline\"  >WALLIX<br \/>\nCONSULTING<\/h3><div class='av_custom_color av-subheading av-subheading_below'><p>Think through, design and secure complex or large-scale implementations<\/p>\n<\/div><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<div  class='avia-button-wrap av-h9dibx-a851024046bb6c0a681c02153cb939f7-wrap avia-button-center  avia-builder-el-29  el_after_av_heading  avia-builder-el-last '>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-h9dibx-a851024046bb6c0a681c02153cb939f7\">\n#top #wrap_all .avia-button.av-h9dibx-a851024046bb6c0a681c02153cb939f7{\nbackground-color:#ec6707;\nborder-color:#ea6e52;\ncolor:#ffffff;\nborder-style:solid;\nborder-width:1px 1px 1px 1px;\ntransition:all 0.4s ease-in-out;\n}\n#top #wrap_all
.avia-button.av-h9dibx-a851024046bb6c0a681c02153cb939f7:hover{\nbackground-color:#ffffff;\ncolor:#f17c00;\ntransition:all 0.4s ease-in-out;\n}\n#top #wrap_all .avia-button.av-h9dibx-a851024046bb6c0a681c02153cb939f7 .avia-svg-icon svg:first-child{\nfill:#ffffff;\nstroke:#ffffff;\n}\n#top #wrap_all .avia-button.av-h9dibx-a851024046bb6c0a681c02153cb939f7:hover .avia-svg-icon svg:first-child{\nfill:#f17c00;\nstroke:#f17c00;\n}\n<\/style>\n<a href='https:\/\/www.wallix.com\/fr\/services-et-support\/consulting\/'  class='avia-button av-h9dibx-a851024046bb6c0a681c02153cb939f7 av-link-btn avia-icon_select-no avia-size-large avia-position-center'  target=\"_blank\"  rel=\"noopener noreferrer\"  aria-label=\"CONSULTING\"><span class='avia_iconbox_title' >CONSULTING<\/span><\/a><\/div><\/p><\/div><div class='av-flex-placeholder'><\/div>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-1mkvm5-051e82c05dfa1f80d127cd8444933506\">\n.flex_column.av-1mkvm5-051e82c05dfa1f80d127cd8444933506{\nwidth:23.125%;\nmargin-left:0;\npadding:20px 20px 20px 20px;\n}\n#top .flex_column_table.av-equal-height-column-flextable.av-1mkvm5-051e82c05dfa1f80d127cd8444933506 .av-flex-placeholder{\nwidth:2.5%;\n}\n<\/style>\n<div  class='flex_column av-1mkvm5-051e82c05dfa1f80d127cd8444933506 av_one_fourth  avia-builder-el-30  el_after_av_one_fourth  el_before_av_one_fourth  flex_column_table_cell av-equal-height-column av-align-top av-animated-generic bottom-to-top  '     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-ev5q7x-68a6503b5f5b5879ed4ccbbc80e8f531\">\n#top .av-special-heading.av-ev5q7x-68a6503b5f5b5879ed4ccbbc80e8f531{\nmargin:5px 5px 5px 5px;\npadding-bottom:10px;\ncolor:#ffffff;\nfont-size:24px;\n}\nbody .av-special-heading.av-ev5q7x-68a6503b5f5b5879ed4ccbbc80e8f531 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n#top #wrap_all .av-special-heading.av-ev5q7x-68a6503b5f5b5879ed4ccbbc80e8f531 
.av-special-heading-tag{\nfont-size:24px;\n}\n.av-special-heading.av-ev5q7x-68a6503b5f5b5879ed4ccbbc80e8f531 .special-heading-inner-border{\nborder-color:#ffffff;\n}\n.av-special-heading.av-ev5q7x-68a6503b5f5b5879ed4ccbbc80e8f531 .av-subheading{\nfont-size:16px;\ncolor:#ec6707;\n}\n\n@media only screen and (min-width: 480px) and (max-width: 767px){ \n#top #wrap_all .av-special-heading.av-ev5q7x-68a6503b5f5b5879ed4ccbbc80e8f531 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n\n@media only screen and (max-width: 479px){ \n#top #wrap_all .av-special-heading.av-ev5q7x-68a6503b5f5b5879ed4ccbbc80e8f531 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n<\/style>\n<div  class='av-special-heading av-ev5q7x-68a6503b5f5b5879ed4ccbbc80e8f531 av-special-heading-h3 custom-color-heading blockquote modern-quote modern-centered  avia-builder-el-31  el_before_av_button  avia-builder-el-first  av-inherit-size'><h3 class='av-special-heading-tag '  itemprop=\"headline\"  >CUSTOMER SUPPORT<\/h3><div class='av_custom_color av-subheading av-subheading_below'><p>Get in touch<br \/>\nwith the customer team<\/p>\n<\/div><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<div  class='avia-button-wrap av-c296m5-b130a4cb79fa9fbb77c94d60eb523865-wrap avia-button-center  avia-builder-el-32  el_after_av_heading  avia-builder-el-last '>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-c296m5-b130a4cb79fa9fbb77c94d60eb523865\">\n#top #wrap_all .avia-button.av-c296m5-b130a4cb79fa9fbb77c94d60eb523865{\nbackground-color:#ec6707;\nborder-color:#ea6e52;\ncolor:#ffffff;\nborder-style:solid;\nborder-width:1px 1px 1px 1px;\ntransition:all 0.4s ease-in-out;\n}\n#top #wrap_all .avia-button.av-c296m5-b130a4cb79fa9fbb77c94d60eb523865:hover{\nbackground-color:#ffffff;\ncolor:#f17c00;\ntransition:all 0.4s ease-in-out;\n}\n#top #wrap_all .avia-button.av-c296m5-b130a4cb79fa9fbb77c94d60eb523865 
.avia-svg-icon svg:first-child{\nfill:#ffffff;\nstroke:#ffffff;\n}\n#top #wrap_all .avia-button.av-c296m5-b130a4cb79fa9fbb77c94d60eb523865:hover .avia-svg-icon svg:first-child{\nfill:#f17c00;\nstroke:#f17c00;\n}\n<\/style>\n<a href='https:\/\/www.wallix.com\/fr\/services-et-support\/support-clients\/'  class='avia-button av-c296m5-b130a4cb79fa9fbb77c94d60eb523865 av-link-btn avia-icon_select-no avia-size-large avia-position-center'  target=\"_blank\"  rel=\"noopener noreferrer\"  aria-label=\"CUSTOMER SUPPORT\"><span class='avia_iconbox_title' >CUSTOMER SUPPORT<\/span><\/a><\/div><\/p><\/div><div class='av-flex-placeholder'><\/div>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-a7n7gd-648c6f678794c5b9b48971087f36ed59\">\n.flex_column.av-a7n7gd-648c6f678794c5b9b48971087f36ed59{\nwidth:23.125%;\nmargin-left:0;\npadding:20px 20px 20px 20px;\n}\n#top .flex_column_table.av-equal-height-column-flextable.av-a7n7gd-648c6f678794c5b9b48971087f36ed59 .av-flex-placeholder{\nwidth:2.5%;\n}\n<\/style>\n<div  class='flex_column av-a7n7gd-648c6f678794c5b9b48971087f36ed59 av_one_fourth  avia-builder-el-33  el_after_av_one_fourth  el_before_av_one_fourth  flex_column_table_cell av-equal-height-column av-align-top av-animated-generic bottom-to-top  '     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-vvsul-5a5256fd9b552e4571fea7109bceaf54\">\n#top .av-special-heading.av-vvsul-5a5256fd9b552e4571fea7109bceaf54{\nmargin:5px 5px 5px 5px;\npadding-bottom:10px;\ncolor:#ffffff;\nfont-size:24px;\n}\nbody .av-special-heading.av-vvsul-5a5256fd9b552e4571fea7109bceaf54 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n#top #wrap_all .av-special-heading.av-vvsul-5a5256fd9b552e4571fea7109bceaf54 .av-special-heading-tag{\nfont-size:24px;\n}\n.av-special-heading.av-vvsul-5a5256fd9b552e4571fea7109bceaf54 
.special-heading-inner-border{\nborder-color:#ffffff;\n}\n.av-special-heading.av-vvsul-5a5256fd9b552e4571fea7109bceaf54 .av-subheading{\nfont-size:16px;\ncolor:#ec6707;\n}\n\n@media only screen and (min-width: 480px) and (max-width: 767px){ \n#top #wrap_all .av-special-heading.av-vvsul-5a5256fd9b552e4571fea7109bceaf54 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n\n@media only screen and (max-width: 479px){ \n#top #wrap_all .av-special-heading.av-vvsul-5a5256fd9b552e4571fea7109bceaf54 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n<\/style>\n<div  class='av-special-heading av-vvsul-5a5256fd9b552e4571fea7109bceaf54 av-special-heading-h3 custom-color-heading blockquote modern-quote modern-centered  avia-builder-el-34  el_before_av_button  avia-builder-el-first  av-inherit-size'><h3 class='av-special-heading-tag '  itemprop=\"headline\"  >PROFESSIONAL SERVICES<\/h3><div class='av_custom_color av-subheading av-subheading_below'><p>Implementation, audit and support for WALLIX solutions<\/p>\n<\/div><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<div  class='avia-button-wrap av-775665-65e5bc4d5c82741969f15a0b8ba34538-wrap avia-button-center  avia-builder-el-35  el_after_av_heading  avia-builder-el-last '>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-775665-65e5bc4d5c82741969f15a0b8ba34538\">\n#top #wrap_all .avia-button.av-775665-65e5bc4d5c82741969f15a0b8ba34538{\nbackground-color:#ec6707;\nborder-color:#ea6e52;\ncolor:#ffffff;\nborder-style:solid;\nborder-width:1px 1px 1px 1px;\ntransition:all 0.4s ease-in-out;\n}\n#top #wrap_all .avia-button.av-775665-65e5bc4d5c82741969f15a0b8ba34538:hover{\nbackground-color:#ffffff;\ncolor:#f17c00;\ntransition:all 0.4s ease-in-out;\n}\n#top #wrap_all .avia-button.av-775665-65e5bc4d5c82741969f15a0b8ba34538 .avia-svg-icon svg:first-child{\nfill:#ffffff;\nstroke:#ffffff;\n}\n#top #wrap_all 
.avia-button.av-775665-65e5bc4d5c82741969f15a0b8ba34538:hover .avia-svg-icon svg:first-child{\nfill:#f17c00;\nstroke:#f17c00;\n}\n<\/style>\n<a href='https:\/\/www.wallix.com\/fr\/services-et-support\/services-professionnels\/'  class='avia-button av-775665-65e5bc4d5c82741969f15a0b8ba34538 av-link-btn avia-icon_select-no avia-size-large avia-position-center'  target=\"_blank\"  rel=\"noopener noreferrer\"  aria-label=\"PROFESSIONAL SERVICES\"><span class='avia_iconbox_title' >PROFESSIONAL SERVICES<\/span><\/a><\/div><\/p><\/div><div class='av-flex-placeholder'><\/div>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-5l8jvh-4926330bb5166149bc14493c9e84dfe8\">\n.flex_column.av-5l8jvh-4926330bb5166149bc14493c9e84dfe8{\nwidth:23.125%;\nmargin-left:0;\npadding:20px 20px 20px 20px;\n}\n#top .flex_column_table.av-equal-height-column-flextable.av-5l8jvh-4926330bb5166149bc14493c9e84dfe8 .av-flex-placeholder{\nwidth:2.5%;\n}\n<\/style>\n<div  class='flex_column av-5l8jvh-4926330bb5166149bc14493c9e84dfe8 av_one_fourth  avia-builder-el-36  el_after_av_one_fourth  avia-builder-el-last  flex_column_table_cell av-equal-height-column av-align-top av-animated-generic bottom-to-top  '     ><p>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-472zvh-04f805af9b7e879ec1a0893b4737cf09\">\n#top .av-special-heading.av-472zvh-04f805af9b7e879ec1a0893b4737cf09{\nmargin:5px 5px 5px 5px;\npadding-bottom:10px;\ncolor:#ffffff;\nfont-size:24px;\n}\nbody .av-special-heading.av-472zvh-04f805af9b7e879ec1a0893b4737cf09 .av-special-heading-tag .heading-char{\nfont-size:25px;\n}\n#top #wrap_all .av-special-heading.av-472zvh-04f805af9b7e879ec1a0893b4737cf09 .av-special-heading-tag{\nfont-size:24px;\n}\n.av-special-heading.av-472zvh-04f805af9b7e879ec1a0893b4737cf09 .special-heading-inner-border{\nborder-color:#ffffff;\n}\n.av-special-heading.av-472zvh-04f805af9b7e879ec1a0893b4737cf09 
.av-subheading{\nfont-size:16px;\ncolor:#ec6707;\n}\n\n@media only screen and (min-width: 480px) and (max-width: 767px){ \n#top #wrap_all .av-special-heading.av-472zvh-04f805af9b7e879ec1a0893b4737cf09 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n\n@media only screen and (max-width: 479px){ \n#top #wrap_all .av-special-heading.av-472zvh-04f805af9b7e879ec1a0893b4737cf09 .av-special-heading-tag{\nfont-size:0.8em;\n}\n}\n<\/style>\n<div  class='av-special-heading av-472zvh-04f805af9b7e879ec1a0893b4737cf09 av-special-heading-h3 custom-color-heading blockquote modern-quote modern-centered  avia-builder-el-37  el_before_av_button  avia-builder-el-first  av-inherit-size'><h3 class='av-special-heading-tag '  itemprop=\"headline\"  >WALLIX<br \/>\nACADEMY<\/h3><div class='av_custom_color av-subheading av-subheading_below'><p>Training and certifications for partners and end users<\/p>\n<\/div><div class=\"special-heading-border\"><div class=\"special-heading-inner-border\"><\/div><\/div><\/div><br \/>\n<div  class='avia-button-wrap av-20pa31-a5270c99db67740c864a29d0805dca72-wrap avia-button-center  avia-builder-el-38  el_after_av_heading  avia-builder-el-last '>\n<style type=\"text\/css\" data-created_by=\"avia_inline_auto\" id=\"style-css-av-20pa31-a5270c99db67740c864a29d0805dca72\">\n#top #wrap_all .avia-button.av-20pa31-a5270c99db67740c864a29d0805dca72{\nbackground-color:#ec6707;\nborder-color:#ea6e52;\ncolor:#ffffff;\nborder-style:solid;\nborder-width:1px 1px 1px 1px;\ntransition:all 0.4s ease-in-out;\n}\n#top #wrap_all .avia-button.av-20pa31-a5270c99db67740c864a29d0805dca72:hover{\nbackground-color:#ffffff;\ncolor:#f17c00;\ntransition:all 0.4s ease-in-out;\n}\n#top #wrap_all .avia-button.av-20pa31-a5270c99db67740c864a29d0805dca72 .avia-svg-icon svg:first-child{\nfill:#ffffff;\nstroke:#ffffff;\n}\n#top #wrap_all .avia-button.av-20pa31-a5270c99db67740c864a29d0805dca72:hover .avia-svg-icon 
svg:first-child{\nfill:#f17c00;\nstroke:#f17c00;\n}\n<\/style>\n<a href='https:\/\/www.wallix.com\/fr\/services-et-support\/wallix-academy\/'  class='avia-button av-20pa31-a5270c99db67740c864a29d0805dca72 av-link-btn avia-icon_select-no avia-size-large avia-position-center'  target=\"_blank\"  rel=\"noopener noreferrer\"  aria-label=\"FORMATION\"><span class='avia_iconbox_title' >FORMATION<\/span><\/a><\/div><\/p><\/div><\/div><!--close column table wrapper. Autoclose: 1 -->\n\n","protected":false},"excerpt":{"rendered":"","protected":false},"author":3,"featured_media":0,"parent":41706,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-41720","page","type-page","status-publish","hentry"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Alertes et avis - Cybers\u00e9curit\u00e9 | Informations de s\u00e9curit\u00e9 WALLIX<\/title>\n<meta name=\"description\" content=\"Restez inform\u00e9 avec les Alertes Wallix : avis de s\u00e9curit\u00e9 en temps r\u00e9el et alertes de service pour vous aider \u00e0 r\u00e9duire les vuln\u00e9rabilit\u00e9s et prot\u00e9ger vos syst\u00e8mes.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.wallix.com\/fr\/services-et-support\/alertes-de-securite\/\" \/>\n<meta property=\"og:locale\" content=\"fr_FR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Alertes et avis - Cybers\u00e9curit\u00e9 | Informations de s\u00e9curit\u00e9 WALLIX\" \/>\n<meta property=\"og:description\" content=\"Restez inform\u00e9 avec les Alertes Wallix : avis de s\u00e9curit\u00e9 en temps r\u00e9el et alertes de service pour vous aider \u00e0 r\u00e9duire 
les vuln\u00e9rabilit\u00e9s et prot\u00e9ger vos syst\u00e8mes.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.wallix.com\/fr\/services-et-support\/alertes-de-securite\/\" \/>\n<meta property=\"og:site_name\" content=\"WALLIX\" \/>\n<meta property=\"article:modified_time\" content=\"2026-03-16T15:51:48+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@wallixcom\" \/>\n<meta name=\"twitter:label1\" content=\"Dur\u00e9e de lecture estim\u00e9e\" \/>\n\t<meta name=\"twitter:data1\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.wallix.com\\\/fr\\\/services-et-support\\\/alertes-de-securite\\\/\",\"url\":\"https:\\\/\\\/www.wallix.com\\\/fr\\\/services-et-support\\\/alertes-de-securite\\\/\",\"name\":\"Alertes et avis - Cybers\u00e9curit\u00e9 | Informations de s\u00e9curit\u00e9 WALLIX\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.wallix.com\\\/fr\\\/#website\"},\"datePublished\":\"2024-01-23T14:46:57+00:00\",\"dateModified\":\"2026-03-16T15:51:48+00:00\",\"description\":\"Restez inform\u00e9 avec les Alertes Wallix : avis de s\u00e9curit\u00e9 en temps r\u00e9el et alertes de service pour vous aider \u00e0 r\u00e9duire les vuln\u00e9rabilit\u00e9s et prot\u00e9ger vos syst\u00e8mes.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.wallix.com\\\/fr\\\/services-et-support\\\/alertes-de-securite\\\/#breadcrumb\"},\"inLanguage\":\"fr-FR\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.wallix.com\\\/fr\\\/services-et-support\\\/alertes-de-securite\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.wallix.com\\\/fr\\\/services-et-support\\\/alertes-de-securite\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"SERVICES ET 
SUPPORT\",\"item\":\"https:\\\/\\\/www.wallix.com\\\/fr\\\/services-et-support\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Alertes et avis\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.wallix.com\\\/fr\\\/#website\",\"url\":\"https:\\\/\\\/www.wallix.com\\\/fr\\\/\",\"name\":\"WALLIX\",\"description\":\"CYBERSECURITY SIMPLIFIED\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.wallix.com\\\/fr\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.wallix.com\\\/fr\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"fr-FR\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.wallix.com\\\/fr\\\/#organization\",\"name\":\"WALLIX\",\"url\":\"https:\\\/\\\/www.wallix.com\\\/fr\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"fr-FR\",\"@id\":\"https:\\\/\\\/www.wallix.com\\\/fr\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.wallix.com\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/LOGO_WALLIX_2024_blackorange.png\",\"contentUrl\":\"https:\\\/\\\/www.wallix.com\\\/wp-content\\\/uploads\\\/2024\\\/03\\\/LOGO_WALLIX_2024_blackorange.png\",\"width\":3108,\"height\":827,\"caption\":\"WALLIX\"},\"image\":{\"@id\":\"https:\\\/\\\/www.wallix.com\\\/fr\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/wallixcom\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/wallix\\\/\",\"https:\\\/\\\/www.youtube.com\\\/wallix\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Alertes et avis - Cybers\u00e9curit\u00e9 | Informations de s\u00e9curit\u00e9 WALLIX","description":"Restez inform\u00e9 avec les Alertes Wallix : avis de s\u00e9curit\u00e9 en temps r\u00e9el et alertes de service pour vous aider \u00e0 r\u00e9duire les vuln\u00e9rabilit\u00e9s et prot\u00e9ger vos syst\u00e8mes.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.wallix.com\/fr\/services-et-support\/alertes-de-securite\/","og_locale":"fr_FR","og_type":"article","og_title":"Alertes et avis - Cybers\u00e9curit\u00e9 | Informations de s\u00e9curit\u00e9 WALLIX","og_description":"Restez inform\u00e9 avec les Alertes Wallix : avis de s\u00e9curit\u00e9 en temps r\u00e9el et alertes de service pour vous aider \u00e0 r\u00e9duire les vuln\u00e9rabilit\u00e9s et prot\u00e9ger vos syst\u00e8mes.","og_url":"https:\/\/www.wallix.com\/fr\/services-et-support\/alertes-de-securite\/","og_site_name":"WALLIX","article_modified_time":"2026-03-16T15:51:48+00:00","twitter_card":"summary_large_image","twitter_site":"@wallixcom","twitter_misc":{"Dur\u00e9e de lecture estim\u00e9e":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.wallix.com\/fr\/services-et-support\/alertes-de-securite\/","url":"https:\/\/www.wallix.com\/fr\/services-et-support\/alertes-de-securite\/","name":"Alertes et avis - Cybers\u00e9curit\u00e9 | Informations de s\u00e9curit\u00e9 WALLIX","isPartOf":{"@id":"https:\/\/www.wallix.com\/fr\/#website"},"datePublished":"2024-01-23T14:46:57+00:00","dateModified":"2026-03-16T15:51:48+00:00","description":"Restez inform\u00e9 avec les Alertes Wallix : avis de s\u00e9curit\u00e9 en temps r\u00e9el et alertes de service pour vous aider \u00e0 r\u00e9duire les vuln\u00e9rabilit\u00e9s et prot\u00e9ger vos 
syst\u00e8mes.","breadcrumb":{"@id":"https:\/\/www.wallix.com\/fr\/services-et-support\/alertes-de-securite\/#breadcrumb"},"inLanguage":"fr-FR","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.wallix.com\/fr\/services-et-support\/alertes-de-securite\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.wallix.com\/fr\/services-et-support\/alertes-de-securite\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"SERVICES ET SUPPORT","item":"https:\/\/www.wallix.com\/fr\/services-et-support\/"},{"@type":"ListItem","position":2,"name":"Alertes et avis"}]},{"@type":"WebSite","@id":"https:\/\/www.wallix.com\/fr\/#website","url":"https:\/\/www.wallix.com\/fr\/","name":"WALLIX","description":"CYBERSECURITY SIMPLIFIED","publisher":{"@id":"https:\/\/www.wallix.com\/fr\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.wallix.com\/fr\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"fr-FR"},{"@type":"Organization","@id":"https:\/\/www.wallix.com\/fr\/#organization","name":"WALLIX","url":"https:\/\/www.wallix.com\/fr\/","logo":{"@type":"ImageObject","inLanguage":"fr-FR","@id":"https:\/\/www.wallix.com\/fr\/#\/schema\/logo\/image\/","url":"https:\/\/www.wallix.com\/wp-content\/uploads\/2024\/03\/LOGO_WALLIX_2024_blackorange.png","contentUrl":"https:\/\/www.wallix.com\/wp-content\/uploads\/2024\/03\/LOGO_WALLIX_2024_blackorange.png","width":3108,"height":827,"caption":"WALLIX"},"image":{"@id":"https:\/\/www.wallix.com\/fr\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/wallixcom","https:\/\/www.linkedin.com\/company\/wallix\/","https:\/\/www.youtube.com\/wallix"]}]}},"_links":{"self":[{"href":"https:\/\/www.wallix.com\/fr\/wp-json\/wp\/v2\/pages\/41720","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.wallix.com\/fr\/wp-json\/wp\/v2\/pages"}],"abo
ut":[{"href":"https:\/\/www.wallix.com\/fr\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/www.wallix.com\/fr\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/www.wallix.com\/fr\/wp-json\/wp\/v2\/comments?post=41720"}],"version-history":[{"count":35,"href":"https:\/\/www.wallix.com\/fr\/wp-json\/wp\/v2\/pages\/41720\/revisions"}],"predecessor-version":[{"id":75473,"href":"https:\/\/www.wallix.com\/fr\/wp-json\/wp\/v2\/pages\/41720\/revisions\/75473"}],"up":[{"embeddable":true,"href":"https:\/\/www.wallix.com\/fr\/wp-json\/wp\/v2\/pages\/41706"}],"wp:attachment":[{"href":"https:\/\/www.wallix.com\/fr\/wp-json\/wp\/v2\/media?parent=41720"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}