CVE-2023-41265
CRITICAL
9.6
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: none
Scope: changed
Confidentiality: high
Integrity: high
Availability: none
Description
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
EPSS (Exploit Prediction Scoring System)
Predicts the probability of exploitation based on threat intelligence and the characteristics of the vulnerability.
EPSS Score: 0.9204
Percentile: 1.0th
CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
Incomplete
Common Consequences
Security Scopes Affected:
Integrity
Non-Repudiation
Access Control
Potential Impacts:
Unexpected State
Hide Activities
Bypass Protection Mechanism
Applicable Platforms
Technologies:
Web Based, Web Server
Application
Qlik Sense by Qlik
CPE Identifier
cpe:2.3:a:qlik:qlik_sense:may_2023:patch3:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:november_2022:patch_8:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:august_2022:patch_5:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:august_2022:patch_11:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:august_2022:patch_8:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:february_2023:patch_5:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:may_2023:patch_2:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:may_2023:patch_1:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:november_2022:patch_1:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:august_2022:patch_12:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:november_2022:patch_9:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:february_2023:patch_3:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:august_2022:-:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:november_2022:patch_6:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:august_2022:patch_7:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:august_2022:patch_10:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:november_2022:-:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:february_2023:patch_7:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:february_2023:-:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:february_2023:patch_4:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:may_2023:-:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:november_2022:patch_3:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:august_2022:patch_3:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:november_2022:patch_10:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:november_2022:patch_7:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:august_2022:patch_6:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:february_2023:patch_2:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:august_2022:patch_9:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:august_2022:patch_2:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:february_2023:patch_6:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:february_2023:patch_1:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:november_2022:patch_5:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:august_2022:patch_4:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:november_2022:patch_4:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:november_2022:patch_2:*:*:enterprise:windows:*:*
cpe:2.3:a:qlik:qlik_sense:august_2022:patch_1:*:*:enterprise:windows:*:*
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023…
https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes…
https://community.qlik.com/t5/Release-Notes/tkb-p/ReleaseNotes