WALLIX Access Manager (Access Manager) provides connection services between Web browsers and targets on which users are authorized to log on. Target accesses are performed through WALLIX Bastion appliances. The connections are done using HTML5 clients; no browser plug-in is required.
WALLIX Access Manager 5.1.3.0 requires a minimum of 4GB RAM and 50GB disk space. Contact the WALLIX Support Team if more information on sizing parameters is required.
Any network equipment (proxy or firewall) positioned in front of WALLIX Access Manager must support the WebSocket protocol.
The following versions of Web browsers can be used with Access Manager:
WALLIX Support Team will provide a best-effort assistance on tickets related to the previous versions of these browsers, with no obligation to achieve a fixed result.
Please refer to keyboard layouts for the list of supported keyboards.
WALLIX Access Manager 5.1.3.0 is compatible with WALLIX Bastion versions listed in the compatibility matrix available here.
To ensure security and stability, we recommend that you always install the latest hotfix of WALLIX Bastion.
Please also refer to Known Issues and Known Limitations.
Access Manager can be updated to version 5.1.3.0 from any version with a release date earlier than the release date of version 5.1.3.0.
If migrating from an application version, refer to the detailed migration procedure in the Installation Guide.
If patches have been manually installed, contact WALLIX Support Team prior to upgrading Access Manager.
Universal Tunneling requires the latest version of the "AM Universal Tunneling" client. This new version can be downloaded from the Web interface of Access Manager.
WAB-1: Session Invite for Invited Users via Access Manager
From WALLIX Bastion 10.4 and WALLIX Access Manager 4.4, Session Invite enables a user (called the host) connected to WALLIX Access Manager to share their current RDP or VNC session with an external user (called the guest) who does not have a user account on WALLIX Access Manager or WALLIX Bastion. The guest is able to view the host's session and optionally control it when the host has given them control. Session Invite offers auditing on guest sessions, just like any other sessions.
WAB-1406: Upgrade of Elasticsearch
Upgrade Elasticsearch to version 8.13.4. As a result, some pages of the interface have been updated.
WAB-3405: Integrated SAML Workflow Between Access Manager and Bastion
From WALLIX Bastion 10.4 and WALLIX Access Manager 4.4, it is now possible to benefit from a complete SAML workflow to identify and authenticate users by using the same SAML Identity Provider on both Bastion and Access Manager.
WAB-4132: Access Manager Now Distributed as an Appliance
WALLIX Access Manager is no longer marketed as an installer. WALLIX Access Manager is available as one of the following virtual environments: Alibaba Cloud, Amazon Web Services (AWS), Google Cloud Platform (GCP), Kernel-based Virtual Machine (KVM), Microsoft Azure, Microsoft Hyper-V, Nutanix AHV, OpenStack, VMware vSphere.
WAB-6270: Universal Tunneling - Multi-Tunneling - Remote Access
Following the extension of Universal Tunneling with Multi-Tunneling on WALLIX Bastion, Multi-Tunneling is also available on Access Manager to enable simultaneous access to up to 50 interfaces in the same session. The opening of Universal Tunneling sessions has also been simplified.
WAB-6544: Troubleshooting Tool for Access Manager
Implementation of a troubleshooting tool. This tool will be used at the request of the WALLIX Support Team to help retrieve information and analyze issues.
WAB-9105: Configuration of TCP Ports Per Bastion in Access Manager
To ease deployment of the WALLIX Access Manager in all network types, TCP ports of WALLIX Bastion services (HTTPS, SSH, RDP) can be set: these configuration options are available in the advanced options for each configured Bastion on the WALLIX Access Manager.
WAB-9889: Dependency Upgrades
Update of the following dependencies: jetty, bouncycastle, commons-codec, commons-configuration, commons-fileupload, commons-lang3, guava, hibernate-validator, httpclient, jackson, jackson-core, jackson-databind, log4j, jose4j, mysql-connector, opencsv, opensaml, tika-core, zip4j, ipadress, api-all, gwt, gwt-maven-plugin, asm, javan FreeRDP.
Update of the following JS dependencies: React, webcomponents-lite.js, Xterm.js.
WAB-13606: New Default Mapping of Services (Admin, User, HA) and Network Interfaces:
Modifies the default behavior of network interface mapping. The administration service, which gives access to all organizations, including the global organization, as well as to the appliance configuration, remains the only mandatory service and is associated with the first interface by default. The high availability service becomes optional but must be associated with the second interface if the service is activated. The user service, giving access to all organizations except the global organization, becomes optional and associated with the third interface by default.
WAB-8071: Fix rights on docker overlay.WAB-9760: Fix a bug when changing and saving multiple times a toggle button setting value.WAB-10053: Fix usage of password as parameter of the "wabam-certificate-upgrade" command.WAB-10818: Update the python3-tz package to version 2024.1-2~bpo10+wallix1 to synchronize with latest timezone changes.WAB-11767: Fix clearing the target clipboard was not working when using the "Clear clipboard" option in RDP sessions.WAB-11999: Fix security issue caused by the database root password being displayed in the process list and in error messages.WAB-12244: Fix corrupted license dates caused by a database restore using a CLI command, which prevents generating new licenses.WAB-12257: Remove the requirement to have an interface associated to "Access Manager".WAB-12290: Fix the status of the mariadb docker which was previously set to ‘unhealthy’ after using the "WABChangeDbRootPassword" script.WAB-12345: Fix the use of RAWTCPIP connection in an SAML user session.WAB-12490: Fix missing DNS servers after reboot of Access Manager.WAB-12503: Fix Access Manager docker KO after changing the IP address of the user interface.WAB-12660: Fix unspecified error during file upload in RDP sessions.WAB-12900: Improve RDP sessions in full screen mode. It is now possible to resize the window or apply a scale factor dynamically after a RDP target session is open. The display behavior has been improved so that the target uses all the available space in the web browser and makes the blurriness disappear in most cases.WAB-12957: Fix an issue when deleting the /root/sqlreplication/servers_list file during the reinstallation of the SQL replication. The uninstallation must be carried out in version 5.2 and higher.WAB-13006: Fix modprobe error log when upgrading.WAB-13007: Fix blurriness in RDP session.WAB-13034: Fix issue with backup/restore done from GUI where some data were not readable after restore. Old backups done from GUI before this fix are still impacted by this issue.WAB-13132: Add audit logs for configuration of Bastion TCP ports and activation.WAB-13147: Fix the SCP upload and download when the remote path contains the ":" character.WAB-13149: Fix the "WABChangeDbRootPassword" command to accept the "$" character.WAB-13205: Fix the presence of the "servers_list" file on remote node on SQL replication installation.WAB-13248: Fix issue with URL redirection on user interface. The users are now redirected to the "default" organization instead of an administration page.WAB-13271: Update OpenSSH packages to fix this security advice: CVE-2025-26465.WAB-13272: Update libgnutls30 package to fix this security advice: CVE-2024-12243.WAB-13302: Fix ElasticSearch issue after an upgrade causing the session audit to stop working.WAB-13333: Fix a bug where WALLIX Access Manager was accessible via SSH on the default user interface.WAB-13469: Fix network page error when DNS resolution returns "No Answer".WAB-13583: Fix session id not being correctly renewed between different web sessions from the same web browser.WAB-13600: Fix incorrect load balancing between Bastions in a cluster.WAB-13618: Fix SSH keys not displayed in Target Passwords, if lock is enabled in the checkout policy.WAB-13669: Fixed a problem during user identification at login time where the order set for LDAP or Bastion domain was not respected.WAB-13727: Fix signature issue for WAMUT.WAB-9846: Fix sharing of sensitive data in network traffic.WAB-10687: Fix an error in the WALLIXApplianceCertificat command preventing correct generation
of the server certificate.WAB-11105: Fix high CPU usage in case of network issues between Access Manager and Bastion
during
RDP sessions.WAB-11290: Fix blur in RDP sessions when in full-screen mode.WAB-12246: Fix an unhealthy container after an upgrade that caused the GUI to become
inaccessible.WAB-12250: Fix API key and OTP values from the Bastion being visible in Apache HTTP Client
debug logs. These values are now hidden.WAB-12266: Fix blurry display when resizing the browser window in full-screen mode.WAB-12270: Fix the creation of network routes in the GUI.WAB-12360: Fix the display of the default gateway in the GUI.WAB-12416: Improve the Administration Guide regarding multiple organizations, specifying that
users must include the organization identifier in the URL.WAB-12445: Fix certain error messages that were no longer displayed correctly.WAB-12460: Fix permissions on Access Manager configuration files.WAB-12465: Fix log access permissions for the wabadmin user.WAB-12467: Fix issue to ensure that adding new routes with a subnet of 255.255.255.255
or 32 to the appliance interface no longer deletes routes with a submask of 255.255.255.255 or 32.WAB-12468: Fix issue allowing the configuration of an invalid password when using the
WABChangeDbRootPassword command.WAB-12477: Fix ghost interfaces in KVM, VMware, and Hyper-V images that prevented the correct
setup of database replication.WAB-12493: Fix an issue when selecting Kyiv as the server's time zone.WAB-12496: Fix network form submission on an appliance with a single interface.WAB-12678: Fix rdp.colorDepth and rdp.network.connectionState settings not overriding global
settings when configured at the organization level.WAB-12035: Fix an issue that allowed an expired LDAP or Active Directory user account to
connect to the Access Manager using an X509 certificate.WAB-9846: Fix sharing of sensitive data in network traffic.WAB-8071: Fix rights on docker overlay.WAB-9760: Fix a bug when changing and saving multiple times a toggle button setting value.
WAB-10053: Fix usage of password as parameter of the "wabam-certificate-upgrade" command.
WAB-10818: Update the python3-tz package to version 2024.1-2~bpo10+wallix1 to synchronize
with latest timezone changes.
WAB-11767: Fix clearing the target clipboard was not working when using the "Clear
clipboard" option in RDP sessions.
WAB-11999: Fix security issue caused by the database root password being displayed in the
process list and in error messages.
WAB-12244: Fix corrupted license dates caused by a database restore using a CLI command,
which prevents generating new licenses.
WAB-12257: Remove the requirement to have an interface associated to "Access Manager".WAB-12290: Fix the status of the mariadb docker which was previously set to ‘unhealthy’
after using the "WABChangeDbRootPassword" script.
WAB-12345: Fix the use of RAWTCPIP connection in an SAML user session.WAB-12490: Fix missing DNS servers after reboot of Access Manager.WAB-12503: Fix Access Manager docker KO after changing the IP address of the user
interface.
WAB-12660: Fix unspecified error during file upload in RDP sessions.WAB-12900: Improve RDP sessions in full screen mode. It is now possible to resize the
window or apply a scale factor dynamically after a RDP target session is open. The display behavior has
been improved so that the target uses all the available space in the web browser and makes the
blurriness disappear in most cases.
WAB-12957: Fix an issue when deleting the /root/sqlreplication/servers_list file during the
reinstallation of the SQL replication. The uninstallation must be carried out in version 5.2 and higher.
WAB-13006: Fix modprobe error log when upgrading.WAB-13007: Fix blurriness in RDP session.WAB-13034: Fix issue with backup/restore done from GUI where some data were not readable
after restore. Old backups done from GUI before this fix are still impacted by this issue.
WAB-13132: Add audit logs for configuration of Bastion TCP ports and activation.WAB-13147: Fix the SCP upload and download when the remote path contains the ":" character.
WAB-13149: Fix the "WABChangeDbRootPassword" command to accept the "$" character.WAB-13205: Fix the presence of the "servers_list" file on remote node on SQL replication
installation.
WAB-13248: Fix issue with URL redirection on user interface. The users are now redirected
to the "default" organization instead of an administration page.
WAB-13271: Update OpenSSH packages to fix this security advice: CVE-2025-26465.WAB-13272: Update libgnutls30 package to fix this security advice: CVE-2024-12243.WAB-13302: Fix ElasticSearch issue after an upgrade causing the session audit to stop
working.
WAB-13333: Fix a bug where WALLIX Access Manager was accessible via SSH on the default user
interface.
WAB-13469: Fix network page error when DNS resolution returns "No Answer".WAB-13583: Fix session id not being correctly renewed between different web sessions from
the same web browser.
WAB-13600: Fix incorrect load balancing between Bastions in a cluster.WAB-13618: Fix SSH keys not displayed in Target Passwords, if lock is enabled in the
checkout policy.
WAB-13669: Fixed a problem during user identification at login time where the order set for
LDAP or Bastion domain was not respected.
WAB-13727: Fix signature issue for WAMUT.WAB-4092: Fix the redirection to the default organization by adding the SameSite cookie
attribute.WAB-6033: Fix the refresh of search results when entering non-alphanumeric characters in the
search bar of the "Authorizations" and "Tags" views.WAB-6337: Fix the SNMP disk monitoring.WAB-6397: Fix the multi-factor authentication issue with X509 as the first factor and Radius
as
the
second factor.WAB-6993: Fix the audit session duplication when searching by keyword.WAB-7021: Update the copyright notice and add the year of the first product publication on
the
homepage.WAB-7218: Fix the search when using the target account and/or target device filters.WAB-7382: Fix "Unknown error when resizing logical volumes" during migration.WAB-7589: Fix the issue preventing a virtual interface from being added to the administration
interface of the Access Manager.WAB-7605: Fix the incorrect behavior when enabling or disabling IP Source Routing when /32
routes were deleted.WAB-7635: Fix the display of symbolic links to folders in SFTP sessions.WAB-7654: Fix the "Clear Clipboard" option that empties the "Download File" option in the
clipboard menu.WAB-7660: Fix consistency between services displayed as enabled in appliance GUI and the real
configuration applied.WAB-7705: Improve the route definition by accepting host bit set. The applied route is
normalized, and a warning message is logged in /var/log/syslog.WAB-7925: Fix the date display error after editing a date field.WAB-8058: Prevent the creation of organizations with the names: "auth", "logout", "css",
"fonts", "js", "PortalWebapp", "RdpWebapp", "SftpWebapp", "SshWebapp", "themes", "images". Names are not
case-sensitive.WAB-8174: Fix the account mapping for the multi-factor authentication with Radius.WAB-8175: Fix the pop-up error when closing an RDP session.WAB-8343: Bastion API key is now obfuscated in the Apache HTTP Client debug logs.WAB-8442: Fix the bug that blocked the delete button in the SFTP session when the screen was
too small.WAB-8525: Fix an issue on RDP sessions that could crash Access Manager in the case of high
network
latencies.WAB-8548: Update the iproute2 package to version 5.10.0-4~bpo10+1.WAB-8923: Fix the error message when the Bastion SSH proxy cannot be reached.WAB-8995: Fix the error related to the missing user-agent header.WAB-9046: Improve the resilience by replacing the NTP package by NTPsec.WAB-9265: Fix the inability to upload files to an RDP target when an ICAP server is
configured.
WAB-9287: Fix the error message for the SCP sessions and remote commands when the Bastion SSH
proxy cannot be reached.WAB-9476: Remove the interface element related to the deprecated HA DRBD feature.WAB-9499: Fix the issue with the authorization synchronization where the changes to the
Session
Invite configuration were
not correctly detected.WAB-9511: When used within a cluster, a deactivated bastion could be used to access linked
authorizations
intead of choosing one of those available.WAB-9538: Fix the error popup not being displayed in the case of a database backup download
error.
WAB-9620: Fix the redirection to the Access Manager's login page.WAB-9825: Fix the target access in account mapping with a password containing special
characters. This is only
compatible with a Bastion API version greater than or equal to 3.12.WAB-9894: Fix the --certificate option for the wabam-certificate-update command line
appliance
wrapper.WAB-10047: Fix the approval verification for Universal Tunneling authorizations when seamless
connection is enabled.WAB-10334: Fix the timezone issue with licenses.WAB-10396: Remove the undocumented requirement of at least 3 reachable NTP servers for the
time
service to
properly set the time.WAB-10406: Fix the security issue caused by the display of the database root password in the
process list and in
error messages.WAB-10747: Update the Kernel to version 5.10.218-1+wallix1 to fix the following security
issues:
CVE-2022-48655 CVE-2023-52585 CVE-2023-52882 CVE-2024-26900 CVE-2024-27398 CVE-2024-27399 CVE-2024-27401
CVE-2024-35848 CVE-2024-35947 CVE-2024-36017 CVE-2024-36031 CVE-2024-36883 CVE-2024-36886 CVE-2024-36889
CVE-2024-36902 CVE-2024-36904 CVE-2024-36905 CVE-2024-36916 CVE-2024-36919 CVE-2024-36929 CVE-2024-36933
CVE-2024-36934 CVE-2024-36939 CVE-2024-36940 CVE-2024-36941 CVE-2024-36946 CVE-2024-36950 CVE-2024-36953
CVE-2024-36954 CVE-2024-36957 CVE-2024-36959 CVE-2024-36960 CVE-2022-38096 CVE-2023-6270 CVE-2023-7042
CVE-2023-28746 CVE-2023-47233 CVE-2023-52429 CVE-2023-52434 CVE-2023-52435 CVE-2023-52447 CVE-2023-52458
CVE-2023-52482 CVE-2023-52486 CVE-2023-52488 CVE-2023-52489 CVE-2023-52491 CVE-2023-52492 CVE-2023-52493
CVE-2023-52497 CVE-2023-52498 CVE-2023-52583 CVE-2023-52587 CVE-2023-52594 CVE-2023-52595 CVE-2023-52597
CVE-2023-52598 CVE-2023-52599 CVE-2023-52600 CVE-2023-52601 CVE-2023-52602 CVE-2023-52603 CVE-2023-52604
CVE-2023-52606 CVE-2023-52607 CVE-2023-52614 CVE-2023-52615 CVE-2023-52616 CVE-2023-52617 CVE-2023-52618
CVE-2023-52619 CVE-2023-52620 CVE-2023-52622 CVE-2023-52623 CVE-2023-52627 CVE-2023-52635 CVE-2023-52637
CVE-2023-52642 CVE-2023-52644 CVE-2023-52650 CVE-2023-52656 CVE-2023-52669 CVE-2023-52670 CVE-2023-52672
CVE-2023-52699 CVE-2023-52880 CVE-2024-0340 CVE-2024-0565 CVE-2024-0607 CVE-2024-0841 CVE-2024-1151
CVE-2024-22099 CVE-2024-23849 CVE-2024-23850 CVE-2024-23851 CVE-2024-24857 CVE-2024-24858 CVE-2024-24861
CVE-2024-25739 CVE-2024-26581 CVE-2024-26593 CVE-2024-26600 CVE-2024-26601 CVE-2024-26602 CVE-2024-26606
CVE-2024-26610 CVE-2024-26614 CVE-2024-26615 CVE-2024-26622 CVE-2024-26625 CVE-2024-26627 CVE-2024-26635
CVE-2024-26636 CVE-2024-26640 CVE-2024-26641 CVE-2024-26642 CVE-2024-26643 CVE-2024-26644 CVE-2024-26645
CVE-2024-26651 CVE-2024-26654 CVE-2024-26659 CVE-2024-26663 CVE-2024-26664 CVE-2024-26665 CVE-2024-26671
CVE-2024-26673 CVE-2024-26675 CVE-2024-26679 CVE-2024-26684 CVE-2024-26685 CVE-2024-26687 CVE-2024-26688
CVE-2024-26689 CVE-2024-26695 CVE-2024-26696 CVE-2024-26697 CVE-2024-26698 CVE-2024-26702 CVE-2024-26704
CVE-2024-26707 CVE-2024-26712 CVE-2024-26720 CVE-2024-26722 CVE-2024-26727 CVE-2024-26733 CVE-2024-26735
CVE-2024-26736 CVE-2024-26743 CVE-2024-26744 CVE-2024-26747 CVE-2024-26748 CVE-2024-26749 CVE-2024-26751
CVE-2024-26752 CVE-2024-26753 CVE-2024-26754 CVE-2024-26763 CVE-2024-26764 CVE-2024-26766 CVE-2024-26771
CVE-2024-26772 CVE-2024-26773 CVE-2024-26776 CVE-2024-26777 CVE-2024-26778 CVE-2024-26779 CVE-2024-26781
CVE-2024-26782 CVE-2024-26787 CVE-2024-26788 CVE-2024-26790 CVE-2024-26791 CVE-2024-26793 CVE-2024-26795
CVE-2024-26801 CVE-2024-26804 CVE-2024-26805 CVE-2024-26808 CVE-2024-26809 CVE-2024-26810 CVE-2024-26812
CVE-2024-26813 CVE-2024-26814 CVE-2024-26816 CVE-2024-26817 CVE-2024-26820 CVE-2024-26825 CVE-2024-26833
CVE-2024-26835 CVE-2024-26839 CVE-2024-26840 CVE-2024-26843 CVE-2024-26845 CVE-2024-26846 CVE-2024-26848
CVE-2024-26851 CVE-2024-26852 CVE-2024-26855 CVE-2024-26857 CVE-2024-26859 CVE-2024-26861 CVE-2024-26862
CVE-2024-26863 CVE-2024-26870 CVE-2024-26872 CVE-2024-26874 CVE-2024-26875 CVE-2024-26877 CVE-2024-26878
CVE-2024-26880 CVE-2024-26882 CVE-2024-26883 CVE-2024-26884 CVE-2024-26885 CVE-2024-26889 CVE-2024-26891
CVE-2024-26894 CVE-2024-26895 CVE-2024-26897 CVE-2024-26898 CVE-2024-26901 CVE-2024-26903 CVE-2024-26906
CVE-2024-26907 CVE-2024-26910 CVE-2024-26917 CVE-2024-26922 CVE-2024-26923 CVE-2024-26924 CVE-2024-26925
CVE-2024-26926 CVE-2024-26931 CVE-2024-26934 CVE-2024-26935 CVE-2024-26937 CVE-2024-26950 CVE-2024-26951
CVE-2024-26955 CVE-2024-26956 CVE-2024-26957 CVE-2024-26958 CVE-2024-26960 CVE-2024-26961 CVE-2024-26965
CVE-2024-26966 CVE-2024-26969 CVE-2024-26970 CVE-2024-26973 CVE-2024-26974 CVE-2024-26976 CVE-2024-26978
CVE-2024-26981 CVE-2024-26984 CVE-2024-26988 CVE-2024-26993 CVE-2024-26994 CVE-2024-26997 CVE-2024-26999
CVE-2024-27000 CVE-2024-27001 CVE-2024-27004 CVE-2024-27008 CVE-2024-27013 CVE-2024-27020 CVE-2024-27024
CVE-2024-27025 CVE-2024-27028 CVE-2024-27030 CVE-2024-27038 CVE-2024-27043 CVE-2024-27044 CVE-2024-27045
CVE-2024-27046 CVE-2024-27047 CVE-2024-27051 CVE-2024-27052 CVE-2024-27053 CVE-2024-27059 CVE-2024-27065
CVE-2024-27073 CVE-2024-27074 CVE-2024-27075 CVE-2024-27076 CVE-2024-27077 CVE-2024-27078 CVE-2024-27388
CVE-2024-27395 CVE-2024-27396 CVE-2024-27405 CVE-2024-27410 CVE-2024-27412 CVE-2024-27413 CVE-2024-27414
CVE-2024-27416 CVE-2024-27417 CVE-2024-27419 CVE-2024-27431 CVE-2024-27436 CVE-2024-27437 CVE-2024-35785
CVE-2024-35789 CVE-2024-35791 CVE-2024-35796 CVE-2024-35805 CVE-2024-35806 CVE-2024-35807 CVE-2024-35809
CVE-2024-35811 CVE-2024-35813 CVE-2024-35815 CVE-2024-35819 CVE-2024-35821 CVE-2024-35822 CVE-2024-35823
CVE-2024-35825 CVE-2024-35828 CVE-2024-35829 CVE-2024-35830 CVE-2024-35833 CVE-2024-35835 CVE-2024-35837
CVE-2024-35845 CVE-2024-35847 CVE-2024-35849 CVE-2024-35852 CVE-2024-35853 CVE-2024-35854 CVE-2024-35855
CVE-2024-35871 CVE-2024-35877 CVE-2024-35879 CVE-2024-35884 CVE-2024-35886 CVE-2024-35888 CVE-2024-35893
CVE-2024-35895 CVE-2024-35896 CVE-2024-35897 CVE-2024-35898 CVE-2024-35899 CVE-2024-35900 CVE-2024-35902
CVE-2024-35905 CVE-2024-35910 CVE-2024-35915 CVE-2024-35922 CVE-2024-35925 CVE-2024-35930 CVE-2024-35933
CVE-2024-35934 CVE-2024-35935 CVE-2024-35936 CVE-2024-35940 CVE-2024-35944 CVE-2024-35950 CVE-2024-35955
CVE-2024-35958 CVE-2024-35960 CVE-2024-35962 CVE-2024-35967 CVE-2024-35969 CVE-2024-35973 CVE-2024-35976
CVE-2024-35978 CVE-2024-35982 CVE-2024-35983 CVE-2024-35984 CVE-2024-35988 CVE-2024-35990 CVE-2024-35996
CVE-2024-35997 CVE-2024-36004 CVE-2024-36005 CVE-2024-36006 CVE-2024-36007 CVE-2024-36008 CVE-2024-36020
CVE-2023-6040 CVE-2023-6356 CVE-2023-6535 CVE-2023-6536 CVE-2023-6606 CVE-2023-6915 CVE-2023-39198
CVE-2023-46838 CVE-2023-51779 CVE-2023-52340 CVE-2023-52436 CVE-2023-52438 CVE-2023-52439 CVE-2023-52443
CVE-2023-52444 CVE-2023-52445 CVE-2023-52448 CVE-2023-52449 CVE-2023-52451 CVE-2023-52454 CVE-2023-52456
CVE-2023-52457 CVE-2023-52462 CVE-2023-52463 CVE-2023-52464 CVE-2023-52467 CVE-2023-52469 CVE-2023-52470
CVE-2023-52609 CVE-2023-52612 CVE-2023-52675 CVE-2023-52679 CVE-2023-52683 CVE-2023-52686 CVE-2023-52690
CVE-2023-52691 CVE-2023-52693 CVE-2023-52694 CVE-2023-52696 CVE-2023-52698 CVE-2024-0646 CVE-2024-1086
CVE-2024-24860 CVE-2024-26586 CVE-2024-26597 CVE-2024-26598 CVE-2024-26633.WAB-10893: Fix the clipboard issue due to the automatic browser translation.WAB-10964: Fix the error on the audit of live sessions.WAB-10980: Fix the issue allowing approvers to click multiple times on the accept/reject
buttons of an approval, thus
sending multiple responses simultaneously. The same behaviour was fixed for users wanting to cancel their
own
approval requests.WAB-11020: Fix WALLIX Bastion asking for a new password three times when changing the
password
for administrative
users (wabadmin, wabsuper, wabupgrade).WAB-11043: Update the python3 packages to version 3.7.3-2+deb10u8 to fix the following
security
issues:
CVE-2024-0397 CVE-2024-4032.WAB-11062: Fix the issue on RDP sessions that could cause Access Manager to crash in the case
of
high network
latencies.WAB-11066: Improve the default startup configuration for the WALLIX daemons.WAB-11068: Fix the WABChangeDbRootPassword CLI command so that it changes the root password
for
all hosts, not only
the localhost.WAB-11069: Update the python3.7 packages to version 3.7.3-2+deb10u7 to fix the following
security issues:
CVE-2023-6597 and CVE-2024-0450.WAB-11070: Fix the installation of the HA database replication when multiple administration
interfaces are defined.WAB-11173: Fix the restapi.* settings whose values for the organization were not correctly
applied.WAB-11275: Update the libcurl4 and libcurl3-gnutls packages to version 7.64.0-4+deb10u10 to
fix
the following
security issue: CVE-2024-7264.WAB-11782: Add the --prerequisite-check option for the replication of prerequisite tests.
WAB-11783: Add an explanation message informing the user to configure an HA interface before
starting the
replication installation.WAB-11786: Fix NullPointerException when writing certain errors in logs.WAB-11788: Fix the loss of connection to a network interface after saving a network
configuration without having
defined an Access Manager service on the same interface.WAB-11887: Fix the encoding issue on the RDP session web page, potentially leading to an XSS
vulnerability.WAB-4765: Update the Web interface labels and messages in German.WAB-6124: Add MySQL replication script in WALLIX Access Manager.WAB-7232: Improve RDP client memory usage.WAB-7415: Upgrade of multiple third-party components.WAB-7561: Add missing wrappers for the wabam-config-database and wabam-init-database
commands.
WAB-8550: Update cryptographic libraries.WAB-1315: Update Maverick SSH to version 1.7.56 to fix the following security issue:
CVE-2023-48795 (Terrapin Attack).WAB-1915: Fix RDP error displayed after upgrading WALLIX Access Manager, caused by
the
RDP keyboard preference stored in the Web browser cookies.WAB-1918: Fix "X509 Sign In" button that could appear on the login page even if the X509
authentication was disabled.WAB-2095: Fix WABVersion command executed with wabadmin or wabsuper that returned an
incorrect
response.WAB-2485: Remove support for weak SSL/TLS cypher suites. Improve cookie security.WAB-2486: Fix duplication of SAML Identity Provider.WAB-2491: Fix display of live audit for the RDP session.WAB-2492: Fix jetty DEBUG level logging.WAB-2500: Fix tab for the authorizations on sessions that was displayed when the user had
chosen "Last selected tab" in their preferences.WAB-2521: Fix display of the "Replay" button that appeared on the session audit page even if
the session had not been recorded.WAB-2524: Fix HTTP error 503 that was returned when configuring the P12 certificate of the
user
Web server on the appliance, even when the configuration had been successful. Add "wabam-certificate-update"
command to manage the server certificate.WAB-2525: Fix issue where Access Manager users' authorizations were not synchronized when the
account of the administrator who declared the Bastion in Access Manager did not exist on that Bastion.WAB-2736: Fix error that was displayed at the end of the "--help" option of the wabam-backup
command.WAB-2805: Fix fingerprint issue in a cluster of Bastions with the
"bastion.cluster.identical.mode" parameter enabled.WAB-2850: Update TinyRadius to version 1.1.3.WAB-2897: Fix "rdp.display.size" parameter in the "wabam.properties" file whose value was
being
used as the default value for the user interface resolution.WAB-3061: Update snmpd to version 5.9~bpo10+dfsg-4+deb11u1+wallix1.WAB-3644: After updating a Bastion, the Access Manager automatically takes into account the
new
version of the Bastion REST API.WAB-3647: Add new "rdp.clientName" parameter to customize the RDP client name used during the
RDP sessions.WAB-3663: Fix issue on the RDP sessions when the user sets the keyboard to "Nothing
selected".
WAB-3686: Add password authentication for wabadmin on GCP.WAB-3721: Add some missing calls to prevent JVM crashes.WAB-3775: Fix useless requests sent by the Web browser during RDP sessions in interactive
login.WAB-3864: Fix related to the use of the "email" attribute to login to an AD when the login
type
selected is "Email address".WAB-4013: Fix untimely refreshes of search results when entering non-alphanumeric characters
in
the search bar of the "Authorizations" and "Tags" views.WAB-4041: Fix vulnerability where the IP address of the Access Manager instance is visible in
the redirection headers.WAB-4123: Fix service control default values.WAB-4214: Avoid sending multiple keys at the same time when focusing the window in an RDP
session.WAB-4323: Fix navigation issue in a video session recording via the progress bar in the
Access
Manager with the Chrome browser.WAB-4400: Improve the security of the X-Frame-Options header.WAB-4460: Fix issue where video recording of a guest session was not available in Access
Manager when the guest session had been disconnected by the host. The video was available in Bastion as
expected.WAB-4553: Update documentation regarding the "bastion.cluster.identical.mode" parameter.WAB-4668: Fix issue where the Access Manager could not respond after some repeated operations
(download or upload of some files).WAB-4756: WALLIX appliances are not affected by the following security issues:
CVE-2023-25690,
CVE-2023-27522, CVE-2022-37436, CVE-2022-36760 and CVE-2006-20001.WAB-4889: Fix legacy method to copy/paste text in SSH targets.WAB-4938: Improve management of the "wabam.properties" file when the file system is full, to
prevent the file from being overwritten.WAB-4952: Fix failover when opening targets on clustered Bastions.WAB-4975: Prevent X-Forwarded-For spoofing by using trusted proxies verification.WAB-5152: Fix English labels in the "Preferences" page.WAB-5197: Fix typography that created errors during SSH connections with a "high" SSHD
configuration.WAB-5206: Improve keyboard detection based on the Web browser language when no keyboard is
set
in the user preferences for the RDP sessions.WAB-5237: Improve network interface names in the WALLIX Appliance configuration page.WAB-5249: Fix certificate upload to Access Manager.WAB-5271: Fix errors related to Search Guard when auditing sessions.WAB-5276: Update OpenSSL package to fix the following security issues: CVE-2022-2097,
CVE-2022-4304, CVE-2022-4450, CVE-2023-0215 and CVE-2023-0286.WAB-5292: Optimize interactions with Bastion REST API by improving authentication mechanism.
WAB-5310: Improve support of PEM files for the Certificate Authorities.WAB-5337: Fix file transfer between the RDP sessions without the "rdp.shared.clipboard"
parameter enabled in the new clipboard mode.WAB-5457: Fix ACLs on the administration Web interface for the wabadmin user.WAB-5487: Fix error during a connection test on the "Bastions" configuration page.WAB-5488: Fix detection of Bastion REST API version by the Access Manager Audit Session
process
at startup.WAB-5563: Improve purge of temporary data when Access Manager is shut down.WAB-5592: Update python packages to version 2.7.16-2+deb10u2 to fix the following security
issue: CVE-2021-3177.WAB-5693: Fix update of the login used for the session audit synchronization, to apply the
password change without having to restart the Access Manager.WAB-5841: Fix copyright dates.WAB-6201: Fix issue with the "Shift" key during RDP sessions.WAB-6285: Fix error that could occur when first synchronizing WALLIX Access Manager and
WALLIX
Bastion, if WALLIX Bastion had a substantial approval history.WAB-6292: Support multi-factor authentication with an x509 certificate as the first factor.
Previously, the following error message was returned when authenticating with the second factor when the
first
factor used was an x509 certificate: "Invalid login: the login is empty".WAB-6294: Fix Bastion name displayed in the audit logs, in a cluster of Bastions with
"bastion.cluster.identical.mode" enabled.WAB-6326: Fix LDAP password expiration management with Active Directory.WAB-6425: Fix application of the sysctl ipv4 configuration when the reverse path filtering
option was checked on the "Service control" page.WAB-6433: Fix numeric keypad status when the first key pressed in an RDP session is "Num
Lock".
WAB-6441: Fix security vulnerability on the audit for the Access Manager configured with
Multi-Tenancy.WAB-6587: Fix the rearrangement of authorizations when authorization names are changed on
Bastion (from Bastion REST API version 3.12 and later).WAB-6588: Fix the rearrangement of authorizations when device names are changed on Bastion
(from Bastion REST API version 3.12 and later).WAB-6590: Upgrade Kernel to version 5.10.181 to fix the following security issue:
CVE-2023-32233.WAB-6609: Upgrade python3 packages to version 3.7.3-2+deb10u5 to fix the following security
issues: CVE-2015-20107, CVE-2020-10735, CVE-2021-3426, CVE-2021-3733, CVE-2021-3737, CVE-2021-4189 and
CVE-2022-45061.WAB-6628: Fix scrollbar that disappears when enlarging the window size in an RDP session.
WAB-6642: Fix loss of default route each time WALLIX Bastion or WALLIX Access Manager is
restarted.WAB-6668: Fix network access issues when IP Source Routing (IPSR) is enabled.WAB-6764: Fix issue where an auditor from an organization without a Bastion could access
sessions in other organizations.WAB-6806: Update mariadb to version 10.5.19-0+deb11u2~bpo10+wallix1 to fix the following
security issue: CVE-2021-27928.WAB-6815: Update snmpd to version 5.9~bpo10+dfsg-4+deb11u1+wallix1.WAB-6817: Fix Web interface route loss when adding static routes with 32-bit mask.WAB-6859: Upgrade commons-configuration2 and api-all to correct the following security issue:
CVE-2022-42889.WAB-6914: Fix IPv6 route removal.WAB-6918: Fix Intel processor vulnerability: CVE-2022-40982.WAB-6924: Allow only strong algorithms with a "high" SSHD configuration.WAB-6964: Upgrade OpenSSL to version 1.1.1 to fix a memory leak and following security
issues:
CVE-2023-3817, CVE-2023-3446, CVE-2023-2650, CVE-2023-0466, CVE-2023-0465, CVE-2023-0464, CVE-2023-0286,
CVE-2023-0215, CVE-2022-4450, CVE-2022-4304, CVE-2022-2097, CVE-2022-2068, CVE-2022-1292, CVE-2022-0778,
CVE-2021-3711, CVE-2021-3712, CVE-2021-3450, CVE-2021-3449, CVE-2021-23841, CVE-2021-23840 and
CVE-2020-1971.
WAB-6966: Upgrade Zlib library to fix CVE-2022-37434 (although not impacted) and a potential
memory leak.WAB-6967: Fix a memory leak of about 596 bytes for each file copied to an RDP target through
the clipboard.WAB-7176: Fix scrollbar display in SSH, RLOGIN and Telnet sessions on Google Chrome.WAB-7305: Fix two minor memory leaks on RDP sessions (RDPClient).WAB-7345: Fix purge of sessions on the administration interface.WAB-7356: Add documentation on the Xmx parameter in the Java Virtual Machine options, to be
used when increasing memory.WAB-7358: Update Java to version 8u382.WAB-7373: Add information in the Administration Guide about the authentication to a Bastion
domain that only allows the "Simple login" authentication type.WAB-7572: Generate a stronger password for database connection.WAB-7638: Fix error message when validating the Universal Tunneling form while the user
session
is expired.WAB-7713: Upgrade python packages to version 3.7.3-2+deb10u6 to fix the following security
issues: CVE-2022-48560, CVE-2022-48564, CVE-2022-48565, CVE-2022-48566 and CVE-2023-40217.WAB-7784: Fix Universal Tunneling sessions in the case of a connection error through the
tunnel.
WAB-8050: Update Redis to version 6.0.16-1~bpo10 to fix following security issues:
CVE-2022-0543, CVE-2021-32762, CVE-2021-32687, CVE-2021-32675, CVE-2021-32672, CVE-2021-32628,
CVE-2021-32627,
CVE-2021-32626 and CVE-2021-41099.WAB-8136: Update tzdata package to version 2021a-0+deb10u12 to include the latest changes to
the leap second list.WAB-8256: Update openssh package to version 7.9p1-10+wallix7.0+deb10u4 to fix the following
security issues: CVE-2021-41617, CVE-2023-48795 and CVE-2023-51385.WAB-8275: Reduce SSH cipher list to aes256-gcm@openssh.com, aes128-gcm@openssh.com,
aes256-ctr,
aes192-ctr, and aes128-ctr and MAC algorithms to hmac-sha2-512 and hmac-sha2-256 on port 2242 to fix the
following security issue: CVE-2023-48795.By disabling the signature of the SAML response and assertion, WALLIX Access Manager will be exposed to a security vulnerability since any user will be able to connect as an administrator.
WAB-3929: After restarting WALLIX Access Manager appliance following a p12 certificate
download or settings update, a 503 error appears, but changes are correctly saved.
WAB-4838: On appliance, the value of -Xmx in wabam.vmoptions (memory allocated to the
JVM) is not proportional to the total memory available. It is recommended to adapt this value
manually after installation or when the memory size of the appliance is modified.
WAB-4968: On an appliance with a 3-network interfaces, WALLIX Access Manager autofills
the SAML URL with the administration interface URL instead of the user interface URL contained in
the metadata file.
WAB-5348: X509 authentication is not possible on the administration interface of an
appliance. It is not possible to perform a X509 authentication on an appliance with a single network
interface.
WAB-6129: Users cannot paste data using the CTRL + V keyboard shortcut with Greek and
Russian keyboards.
WAB-8198: The "bastion-change-redis-password" command accepts an empty password
although this is not supported by WALLIX Bastion.
WAB-10259: The "WABGetGuiUrl", "WABChangeGrub", "WABBackupPurge", "WABChangeKeyboard",
"WABGuiCertificate", "WABInitReset", "WABNetworkConfiguration", "WABSecurityLevel",
"WABSetSnmpCredentials", "WABStartGui", "WABSetSnmpCredentials", "WABDailyNotification",
"WABExecuteBackup", "WABFixperms", "WABWSCParseSystemConfig", "WABSMK", "WABGenerateMySQLUUID",
"WABWeeklyReportNotification", commands are not meant to be used on an Access Manager appliance. If
you launch them, an error is displayed.
WAB-11153: SAML Authentication can fail due to a missing "SigAlg" query param with
Signed Messages activated and a "Redirect" binding type.
WAB-11343: After changing the WALLIX Bastion API key, users that already have a web
session opened will encounter an authentication error when opening RDP or SSH sessions. Users must
logout and login again for the new API key to be taken in account.
WAB-11785: Service control limit value is set to 10 when toggling iptables rules.WAB-11792: Guests cannot open more than one session sharing at a time in a browser. If
they do, they end up with the login screen of the Bastion proxy instead of being connected to the
session of the host.
WAB-11793: Guests cannot open the same session invite link on different tabs. If they
do, they end up on the login screen of the Bastion proxy instead of being connected to the session
of the host.
WAB-11794: Guests cannot open the same session invite link more than once. If they do,
they will end up on the login screen of the Bastion proxy instead of being connected to the session
of the host.
WAB-11796: When a host gives control on a session invite, the clipboard content is sent
to the guest session. We recommend copy/pasting an empty character string before giving control to
the guest.
WAB-11900: Live audit for guest or host session (session invite feature) does not work
with Bastion < 12.0.3.
WAB-11951: In TELNET sessions, using the backspace key visually adds a space instead of
deleting a character. This is a visual issue only, the command will be correct and the characters
deleted.
WAB-11996: The button "Replay session" is displayed even if the user has rejected the
recording. Clicking on the button displays an error message.
WAB-11997: Searching audit sessions with start date as criteria is not possible for
live sessions.
WAB-12152: When performing a search in the online Administration Guide of WALLIX Access
Manager, the links to the chapters do not work. We recommend downloading the guide in PDF format.
WAB-12198: Scale factor compensation is done only at session opening, so changing the
scale factor during an active session might impact the display.
WAB-12215: Domain creation, modification and deletion are not mentioned in the audit
logs.
WAB-12272: When connecting RDP to a Windows 7 target using RDP, if black squares appear
on the target screen, you must disable orders 3,27 of the connection policy in the Bastion
configuration.
WAB-12599: When the Access Manager has only one interface, on the service control page,
the "Access Manager" box must be ticked to save a configuration.
WAB-13018: After an upgrade from a version prior to the 5.1.2, in case of a deployment
with cloud-init with static ip address, the Access Manager can become unreachable after making
network changes. To prevent this, you have to configure manually the gateway one time on network
connection.
WAB-13122: When upgrading to version 4.3 or superior, the configuration of the CA (in
the organization and during the verification on the domain and the LDAP) will not be transferred.
Administrators will need to reconfigure the Access Manager. Until they do so, X509 authentication
will not work. However, the values for "web.cert.enable.crldp" and "web.cert.ocsp.responder.url" (in
"Application Settings") will still be configured after the upgrade.
WAB-1473: For smartphones and tablets: The multi-touch screens and the right-click
function are not supported. The rotation of the screen is not supported during the RDP sessions.
WAB-2035: On the "Authorizations" page, the deletion of a column does not work due to a
GWT limitation.
WAB-6600: CITRIX ADC/NetScaler load balancers with cookie-based session persistence are
incompatible with Universal Tunneling for clusters of WALLIX Access Manager.
WAB-7091: The OpenSSH server used on port 2242 is vulnerable to the disputed
vulnerability CVE-2020-15778. This vulnerability does not allow any elevation of privileges because
users authorized to connect already have execution rights.
WAB-7332: The LDAP/AD password change is not supported with Read Only Domain Controller
(RODC).
WAB-7333: Options to upload and download a file from the "Clipboard" menu are not
displayed during an RDP session on a target under Windows Server 2003.
WAB-7334: Only PAP and CHAP protocols are supported for RADIUS authentication.WAB-7335: After adding a Bastion, WALLIX Access Manager does not display the REST API
version if the administrator is renamed with a name not matching the one existing in the added
Bastion. This limitation has no impacts on users as WALLIX Access Manager checks and updates the
REST API version at each user synchronization.
WAB-7336: The authentication to WALLIX Access Manager fails when a password change is
required by the Bastion used as an authenticator and identifier. If the authentication fails, it is
necessary to connect first to the Bastion to change the password.
WAB-7337: Latency issues occur when displaying a large number of files in SFTP.WAB-7338: Due to limitations of Google Chrome and Mozilla Firefox, issues with keyboards may
occur. We invite you to visit these links for more details on some of these limitations: https://bugs.chromium.org/p/chromium/issues/detail?id=1279409
and https://bugzilla.mozilla.org/show_bug.cgi?id=1736594.
WAB-7674: Some keyboard shortcuts, such as Ctrl-W and Ctrl-T, are reserved by Chrome
and Firefox and cannot be caught in an SSH shell session.
WAB-10219: If WALLIX Access Manager "rdp.clipboard.icap" parameter is enabled and you
try to paste a file to an RDP target more than once, the next paste action inserts a blank file.
WAB-10954: Slowness can occur in RDP sessions in case of heavy animation such as video
watching or browsing websites with HTML animation. To improve this situation, you can increase the
value of the "rdp.input.buffer.size setting", or installing a browser plugin such as Stylish to
remove the HTML animation.
WAB-12597: When the LDAP server is configured with the encryption method set to "SSL"
or "StartTLS", a DNS server must be configured on the appliance to avoid slowness during the LDAP
connection or failures if the connection timeout is too low. This requirement applies even if an IP
address is used in the LDAP server configuration. It is not necessary for the DNS server to resolve
the IP address.
WAB-13602: When applying a scale factor, a slight blur appears in the RDP session in
some limited cases. Resizing the window or changing the scale factor make the display sharp again.
The following keyboard layouts are supported:
Caution! MAC keyboards are not supported.
This document is the property of WALLIX and may not be reproduced without its prior consent.
All the product or company names mentioned herein are the registered trademarks of their respective owners.
WALLIX Access Manager is subject to the WALLIX software license contract.
WALLIX Access Manager is based on open-source software. The related list is available from WALLIX.
Please send your request on Internet at https://support.wallix.com or in writing to:
WALLIX
Service Support
250 bis, Rue du Faubourg Saint-Honoré
75008 PARIS
FRANCE