The vulnerability of the Qlik Sense Enterprise data analysis platform, related to deficiencies in HTTP request processing, allows attackers to enhance their privileges.

🗓️ 22 Sep 2023 00:00:00Reported by FSTEC of Russia — Information Security Threat DatabaseType

bdu_fstec

bdu_fstec🔗 bdu.fstec.ru👁 1 Views

Qlik Sense Enterprise HTTP request processing vulnerability allows remote attackers to escalate privileges.

Reporter	Title	Published	Views	Family All 22
ATTACKERKB	CVE-2023-41265	29 Aug 202300:00	–	attackerkb
ATTACKERKB	CVE-2023-48365	15 Nov 202300:00	–	attackerkb
Circl	CVE-2023-41265	30 Aug 202302:17	–	circl
CISA KEV Catalog	Qlik Sense HTTP Tunneling Vulnerability	7 Dec 202300:00	–	cisa_kev
CISA	CISA Adds Two Known Exploited Vulnerabilities to Catalog	7 Dec 202312:00	–	cisa
CNNVD	Qlik Sense 环境问题漏洞	29 Aug 202300:00	–	cnnvd
CVE	CVE-2023-41265	29 Aug 202300:00	–	cve
Cvelist	CVE-2023-41265	29 Aug 202300:00	–	cvelist
NCSC	Vulnerabilities fixed in QlikTech Qlik Sense Vulnerabilities fixed in QlikTech Qlik Sense	30 Nov 202300:00	–	ncsc
Nuclei	Qlik Sense Enterprise - HTTP Request Smuggling	8 Jun 202604:09	–	nuclei

Source	Link
community	www.community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801
community	www.community.qlik.com/t5/Release-Notes/tkb-p/ReleaseNotes
cisa	www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv
web	www.web.nvd.nist.gov/view/vuln/detail

24 Sep 2024 00:00Current

CVSS 29

CVSS 39.9

EPSS0.92414

Qlik Sense Enterprise Hypertext Transfer Protocol remote privilege escalation