Lucene search
PRIOn knowledge basePRION:CVE-2023-41265HistoryAug 29, 2023 - 11:15 p.m.
Cross site request forgery (csrf)
2023-08-2923:15:00
PRIOn knowledge base
www.prio-n.com
7
cross site request forgery
qlik sense enterprise
windows
http request tunneling
vulnerability
remote attacker
privilege elevation
backend server
repository application
patch
nvd
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
Related
cve
cve
CVE-2023-41265
2023-08-29 23:15:09
CVE-2023-48365
2023-11-15 22:15:28
cisa_kev
cisa_kev
Qlik Sense HTTP Tunneling Vulnerability
2023-12-07 00:00:00
cvelist
cvelist
CVE-2023-41265
2023-08-29 00:00:00
CVE-2023-48365
2023-11-15 00:00:00
attackerkb
attackerkb
CVE-2023-41265
2023-08-29 00:00:00
nvd
nvd
CVE-2023-41265
2023-08-29 23:15:09
CVE-2023-48365
2023-11-15 22:15:28
nuclei
nuclei
Qlik Sense Enterprise - HTTP Request Smuggling
2023-12-13 15:36:37
nessus
nessus
Qlik Sense Enterprise HTTP Tunneling RCE
2023-12-08 00:00:00
Qlik Sense Enterprise Multiple Vulnerabilities
2023-12-08 00:00:00
prion
prion
Input validation
2023-11-15 22:15:00
thn
thn
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks
2023-11-30 11:16:00