Description Preview
Qlik Sense Enterprise for Windows, prior to August 2023 Patch 2, contains a vulnerability that permits unauthenticated remote code execution, identified as QB-21683. This vulnerability arises from inadequate validation of HTTP headers, enabling a remote attacker to escalate privileges by tunneling HTTP requests. Consequently, attackers can execute HTTP requests on the backend server hosting the repository application. The issue is exacerbated by an incomplete fix for CVE-2023-41265. The vulnerability has a CVSS score of 9.6, indicating a critical severity level, with high impacts on confidentiality and integrity.
Overview
- CVE ID: CVE-2023-48365
- Published Date: November 15, 2023
- Last Updated: January 13, 2025
- Affected Product: Qlik Sense Enterprise for Windows (versions before August 2023 Patch 2)
- Vulnerability Type: Remote Code Execution
- CVSS Score: 9.6 (Critical)
- Attack Vector: Network
- Privileges Required: Low
- User Interaction: None
- Scope: Changed
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: None
Remediation
To mitigate the risk associated with CVE-2023-48365, users of Qlik Sense Enterprise for Windows should upgrade to one of the following fixed versions:
- August 2023 Patch 2
- May 2023 Patch 6
- February 2023 Patch 10
- November 2022 Patch 12
- August 2022 Patch 14
- May 2022 Patch 16
- February 2022 Patch 15
- November 2021 Patch 17
It is crucial for organizations to apply these patches promptly to protect against potential exploitation.
References
Early Warning
Customers using Armis Early Warning were notified about this vulnerability before it appeared in CISA's Known Exploited Vulnerabilities Catalog, enabling them to assess their exposure and act proactively. Armis offers these examples of CVEs already included in CISA KEV for potential customers. Click here to learn how to receive alerts earlier.
- Armis Alert Date
- Nov 15, 2023
- CISA KEV Date
- Jan 13, 2025
425days early
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
This section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Health Care & Social AssistanceHealth Care & Social Assistance: Low
- Transportation & WarehousingTransportation & Warehousing: Low
- ManufacturingManufacturing: Low
- Public AdministrationPublic Administration: Low
- Retail TradeRetail Trade: Low
- UtilitiesUtilities: Low
- Accommodation & Food ServicesAccommodation & Food Services: Low
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services: Low
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting: Low
- Arts, Entertainment & RecreationArts, Entertainment & Recreation: Low
- ConstructionConstruction: Low
- Educational ServicesEducational Services: Low
- Finance and InsuranceFinance and Insurance: Low
- InformationInformation: Low
- Management of Companies & EnterprisesManagement of Companies & Enterprises: Low
- MiningMining: Low
- Other Services (except Public Administration)Other Services (except Public Administration): Low
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services: Low
- Real Estate Rental & LeasingReal Estate Rental & Leasing: Low
- Wholesale TradeWholesale Trade: Low
