vulnerability

Qlik Sense Enterprise: CVE-2023-41266: Path traversal in Qlik Sense Enterprise for Windows

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:C/I:P/A:N)	Aug 29, 2023	Mar 26, 2024	Mar 27, 2024

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:P/A:N)

Published

Aug 29, 2023

Added

Mar 26, 2024

Modified

Mar 27, 2024

Description

Due to improper validation of user supplied input, it is possible for an unauthenticated remote attacker to generate an anonymous session which allows them to perform HTTP requests to unauthorized endpoints.

Solution

qlik-sense-enterprise-upgrade-latest

References

CVE-2023-41266
https://attackerkb.com/topics/CVE-2023-41266
URL-https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today