Lucene search
PRIOn knowledge basePRION:CVE-2023-48365HistoryNov 15, 2023 - 10:15 p.m.
Input validation
2023-11-1522:15:00
PRIOn knowledge base
www.prio-n.com
5
qlik sense
windows
remote code execution
http headers
privilege elevation
backend server
repository application
patch
cve-2023-41265
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backend server that hosts the repository application. The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, and November 2021 Patch 17. NOTE: this issue exists because of an incomplete fix for CVE-2023-41265.
Related
nvd
nvd
CVE-2023-48365
2023-11-15 22:15:28
CVE-2023-41265
2023-08-29 23:15:09
cve
cve
CVE-2023-48365
2023-11-15 22:15:28
CVE-2023-41265
2023-08-29 23:15:09
nessus
nessus
Qlik Sense Enterprise HTTP Tunneling RCE
2023-12-08 00:00:00
Qlik Sense Enterprise Multiple Vulnerabilities
2023-12-08 00:00:00
cvelist
cvelist
CVE-2023-48365
2023-11-15 00:00:00
CVE-2023-41265
2023-08-29 00:00:00
thn
thn
cisa_kev
cisa_kev
Qlik Sense HTTP Tunneling Vulnerability
2023-12-07 00:00:00
prion
prion
Cross site request forgery (csrf)
2023-08-29 23:15:00
attackerkb
attackerkb
CVE-2023-41265
2023-08-29 00:00:00
nuclei
nuclei
Qlik Sense Enterprise - HTTP Request Smuggling
2023-12-13 15:36:37