Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-41265
HistoryAug 29, 2023 - 11:15 p.m.

CVE-2023-41265

2023-08-2923:15:09
CWE-444
[email protected]
web.nvd.nist.gov
120
In Wild
20
cve-2023-41265
qlik sense
enterprise
windows
vulnerability
privilege escalation
http request tunneling

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.914 High

EPSS

Percentile

98.9%

JSON

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.

Social References

More

Related

prion 2
cvelist 2
cisa_kev 1
attackerkb 1
nuclei 1
nessus 2
cve 1
thn 1
prion
prion
Cross site request forgery (csrf)
2023-08-29 23:15:00
Input validation
2023-11-15 22:15:00
cvelist
cvelist
CVE-2023-41265
2023-08-29 00:00:00
CVE-2023-48365
2023-11-15 00:00:00
cisa_kev
cisa_kev
Qlik Sense HTTP Tunneling Vulnerability
2023-12-07 00:00:00
attackerkb
attackerkb
CVE-2023-41265
2023-08-29 00:00:00
nuclei
nuclei
Qlik Sense Enterprise - HTTP Request Smuggling
2023-12-13 15:36:37
nessus
nessus
Qlik Sense Enterprise HTTP Tunneling RCE
2023-12-08 00:00:00
Qlik Sense Enterprise Multiple Vulnerabilities
2023-12-08 00:00:00
cve
cve
CVE-2023-48365
2023-11-15 22:15:28
thn
thn
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks
2023-11-30 11:16:00

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

9.2 High

AI Score

Confidence

High

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.914 High

EPSS

Percentile

98.9%

JSON
Related for CVE-2023-41265
prion2cvelist2cisa_kev1attackerkb1nuclei1nessus2cve1thn1