CVE-2023-48365
CVSS 3.1 Score 9.9 of 10 (high)
Details
Summary
CVE-2023-48365 is a newly disclosed vulnerability in Qlik Sense Enterprise for Windows. This issue permits unauthenticated remote code execution due to inadequate HTTP header validation (QB-21683). A remote attacker can exploit this vulnerability by tunneling HTTP requests, thereby executing HTTP requests on the backend server hosting the repository application. To mitigate this risk, users are advised to apply August 2023 Patch 2 or one of the other listed patches: May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, or November 2021 Patch 17. Note that this vulnerability stems from an incomplete fix for CVE-2023-41265.
Affected Products
- Qlik Sense
Affected Vendors
- Qlik Technologies