CVE-2023-41266 is a vulnerability in Qlik Sense
Published on August 29, 2023
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
Known Exploited Vulnerability
This Qlik Sense Path Traversal Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.
The following remediation steps are recommended / required by December 28, 2023: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Vulnerability Analysis
CVE-2023-41266 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2023-41266
You can be notified by stack.watch whenever vulnerabilities like CVE-2023-41266 are published in these products:
What versions of Qlik Sense are vulnerable to CVE-2023-41266?
-
Qlik Sense
Version august_2022
patch_12
windows
-
Qlik Sense
Version august_2022
patch_11
windows
-
Qlik Sense
Version august_2022
patch_10
windows
-
Qlik Sense
Version august_2022
patch_9
windows
-
Qlik Sense
Version august_2022
patch_8
windows
-
Qlik Sense
Version august_2022
patch_7
windows
-
Qlik Sense
Version august_2022
patch_6
windows
-
Qlik Sense
Version august_2022
patch_5
windows
-
Qlik Sense
Version august_2022
patch_4
windows
-
Qlik Sense
Version august_2022
patch_3
windows
-
Qlik Sense
Version august_2022
patch_2
windows
-
Qlik Sense
Version august_2022
patch_1
windows
-
Qlik Sense
Version august_2022
-
windows
-
Qlik Sense
Version november_2022
patch_10
windows
-
Qlik Sense
Version november_2022
patch_9
windows
-
Qlik Sense
Version november_2022
patch_8
windows
-
Qlik Sense
Version november_2022
patch_7
windows
-
Qlik Sense
Version november_2022
patch_6
windows
-
Qlik Sense
Version november_2022
patch_5
windows
-
Qlik Sense
Version november_2022
patch_4
windows
-
Qlik Sense
Version november_2022
patch_3
windows
-
Qlik Sense
Version november_2022
patch_2
windows
-
Qlik Sense
Version november_2022
patch_1
windows
-
Qlik Sense
Version november_2022
-
windows
-
Qlik Sense
Version february_2023
patch_7
windows
-
Qlik Sense
Version february_2023
patch_6
windows
-
Qlik Sense
Version february_2023
patch_5
windows
-
Qlik Sense
Version february_2023
patch_4
windows
-
Qlik Sense
Version february_2023
patch_3
windows
-
Qlik Sense
Version february_2023
patch_2
windows
-
Qlik Sense
Version february_2023
patch_1
windows
-
Qlik Sense
Version february_2023
-
windows
-
Qlik Sense
Version may_2023
patch_2
windows
-
Qlik Sense
Version may_2023
patch_1
windows
-
Qlik Sense
Version may_2023
-
windows
-
Qlik Sense
Version may_2023
patch3
windows