History: Nov 15, 2023 - 10:15 p.m.

CVE-2023-48365

2023-11-15 22:15:28
CWE-444
web.nvd.nist.gov
cve-2023-48365
qlik sense enterprise
windows
remote code execution
unauthenticated
qb-21683
http headers
privilege escalation
patch
vulnerability
nvd

CVSS3: 9.9 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score: 9.9 High (Confidence: High)

EPSS: 0.92 High (Percentile: 98.9%)

Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backend server that hosts the repository application. The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, and November 2021 Patch 17. NOTE: this issue exists because of an incomplete fix for CVE-2023-41265.

Affected configurations

NVD, Node (any of the following matches, OR):

Vendor | Product | Version | Update | Edition | Platform
qlik | qlik_sense | august_2022 | - | enterprise | windows
qlik | qlik_sense | august_2022 | patch_1 | enterprise | windows
qlik | qlik_sense | august_2022 | patch_10 | enterprise | windows
qlik | qlik_sense | august_2022 | patch_11 | enterprise | windows
qlik | qlik_sense | august_2022 | patch_12 | enterprise | windows
qlik | qlik_sense | august_2022 | patch_13 | enterprise | windows
qlik | qlik_sense | august_2022 | patch_2 | enterprise | windows
qlik | qlik_sense | august_2022 | patch_3 | enterprise | windows
qlik | qlik_sense | august_2022 | patch_4 | enterprise | windows
qlik | qlik_sense | august_2022 | patch_5 | enterprise | windows
qlik | qlik_sense | august_2022 | patch_6 | enterprise | windows
qlik | qlik_sense | august_2022 | patch_7 | enterprise | windows
qlik | qlik_sense | august_2022 | patch_8 | enterprise | windows
qlik | qlik_sense | august_2022 | patch_9 | enterprise | windows
qlik | qlik_sense | august_2023 | - | enterprise | windows
qlik | qlik_sense | august_2023 | patch_1 | enterprise | windows
qlik | qlik_sense | february_2022 | - | enterprise | windows
qlik | qlik_sense | february_2022 | patch_1 | enterprise | windows
qlik | qlik_sense | february_2022 | patch_10 | enterprise | windows
qlik | qlik_sense | february_2022 | patch_11 | enterprise | windows
qlik | qlik_sense | february_2022 | patch_12 | enterprise | windows
qlik | qlik_sense | february_2022 | patch_13 | enterprise | windows
qlik | qlik_sense | february_2022 | patch_14 | enterprise | windows
qlik | qlik_sense | february_2022 | patch_2 | enterprise | windows
qlik | qlik_sense | february_2022 | patch_3 | enterprise | windows
qlik | qlik_sense | february_2022 | patch_4 | enterprise | windows
qlik | qlik_sense | february_2022 | patch_5 | enterprise | windows
qlik | qlik_sense | february_2022 | patch_6 | enterprise | windows
qlik | qlik_sense | february_2022 | patch_7 | enterprise | windows
qlik | qlik_sense | february_2022 | patch_8 | enterprise | windows
qlik | qlik_sense | february_2022 | patch_9 | enterprise | windows
qlik | qlik_sense | february_2023 | - | enterprise | windows
qlik | qlik_sense | february_2023 | patch_1 | enterprise | windows
qlik | qlik_sense | february_2023 | patch_2 | enterprise | windows
qlik | qlik_sense | february_2023 | patch_3 | enterprise | windows
qlik | qlik_sense | february_2023 | patch_4 | enterprise | windows
qlik | qlik_sense | february_2023 | patch_5 | enterprise | windows
qlik | qlik_sense | february_2023 | patch_6 | enterprise | windows
qlik | qlik_sense | february_2023 | patch_7 | enterprise | windows
qlik | qlik_sense | february_2023 | patch_8 | enterprise | windows
qlik | qlik_sense | february_2023 | patch_9 | enterprise | windows
qlik | qlik_sense | may_2022 | - | enterprise | windows
qlik | qlik_sense | may_2022 | patch_1 | enterprise | windows
qlik | qlik_sense | may_2022 | patch_10 | enterprise | windows
qlik | qlik_sense | may_2022 | patch_11 | enterprise | windows
qlik | qlik_sense | may_2022 | patch_12 | enterprise | windows
qlik | qlik_sense | may_2022 | patch_13 | enterprise | windows
qlik | qlik_sense | may_2022 | patch_14 | enterprise | windows
qlik | qlik_sense | may_2022 | patch_15 | enterprise | windows
qlik | qlik_sense | may_2022 | patch_2 | enterprise | windows
qlik | qlik_sense | may_2022 | patch_3 | enterprise | windows
qlik | qlik_sense | may_2022 | patch_4 | enterprise | windows
qlik | qlik_sense | may_2022 | patch_5 | enterprise | windows
qlik | qlik_sense | may_2022 | patch_6 | enterprise | windows
qlik | qlik_sense | may_2022 | patch_7 | enterprise | windows
qlik | qlik_sense | may_2022 | patch_8 | enterprise | windows
qlik | qlik_sense | may_2022 | patch_9 | enterprise | windows
qlik | qlik_sense | may_2023 | - | enterprise | windows
qlik | qlik_sense | may_2023 | patch_1 | enterprise | windows
qlik | qlik_sense | may_2023 | patch_2 | enterprise | windows
qlik | qlik_sense | may_2023 | patch_3 | enterprise | windows
qlik | qlik_sense | may_2023 | patch_4 | enterprise | windows
qlik | qlik_sense | may_2023 | patch_5 | enterprise | windows
qlik | qlik_sense | november_2021 | - | enterprise | windows
qlik | qlik_sense | november_2021 | patch_1 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_10 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_11 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_12 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_13 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_14 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_15 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_16 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_2 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_3 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_4 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_5 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_6 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_7 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_8 | enterprise | windows
qlik | qlik_sense | november_2021 | patch_9 | enterprise | windows
qlik | qlik_sense | november_2022 | - | enterprise | windows
qlik | qlik_sense | november_2022 | patch_1 | enterprise | windows
qlik | qlik_sense | november_2022 | patch_10 | enterprise | windows
qlik | qlik_sense | november_2022 | patch_11 | enterprise | windows
qlik | qlik_sense | november_2022 | patch_2 | enterprise | windows
qlik | qlik_sense | november_2022 | patch_3 | enterprise | windows
qlik | qlik_sense | november_2022 | patch_4 | enterprise | windows
qlik | qlik_sense | november_2022 | patch_5 | enterprise | windows
qlik | qlik_sense | november_2022 | patch_6 | enterprise | windows
qlik | qlik_sense | november_2022 | patch_7 | enterprise | windows
qlik | qlik_sense | november_2022 | patch_8 | enterprise | windows
qlik | qlik_sense | november_2022 | patch_9 | enterprise | windows
