7 matches found
Qlik Sense Enterprise Multiple Vulnerabilities
The version of Qlik Sense Enterprise installed on the remote Windows host is prior August 2022 Patch 14, November 2022 prior to Patch 11, February 2023 prior to Patch 8 or May 2023 prior to Patch 4. It is, therefore, affected by multiple vulnerabilities. - An HTTP tunneling vulnerability due to...
Qlik Sense Enterprise HTTP Tunneling RCE
The version of Qlik Sense Enterprise installed on the remote Windows host is prior to November 2021 Patch 17, February 2022 prior to Patch 15, May 2022 prior to Patch 16, August 2022 prior to Patch 14, November 2022 prior to Patch 12, February 2023 prior to Patch 10, May 2023 prior to Patch 6 or...
VulnCheck KEV: CVE-2023-41265
Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software...
Input validation
Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backe...
CVE-2023-41265
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...
CVE-2023-41265
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunnelin...
CVE-2023-41265
CVE-2023-41265 affects Qlik Sense Enterprise for Windows. The issue is an HTTP Request Smuggling vulnerability caused by tunneling HTTP requests in the raw HTTP traffic, enabling a remote attacker to escalate privileges by crafting requests that execute on the backend repository server. Affected ...