CVE-2023-41266

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Aug 29, 2023
Updated: Sep 8, 2023
CWE ID 20

Summary

CVE-2023-41266 is a path traversal vulnerability in Qlik Sense Enterprise for Windows. Affected versions are May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier. The flaw enables unauthenticated remote attackers to generate anonymous sessions, which they can then use to transmit HTTP requests to unauthorized endpoints, potentially leading to unauthorized data access or system manipulation. The vulnerability has been addressed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13. Users are encouraged to update to the latest patches as soon as possible to mitigate the risk.

Affected Products

  • Qlik Sense

Affected Vendors

  • Qlik Technologies