CVE-2023-41266 is a vulnerability in Qlik Sense
Published on August 29, 2023
A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
Known Exploited Vulnerability
This Qlik Sense Path Traversal Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.
The following remediation steps are recommended / required by December 28, 2023: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Vulnerability Analysis
CVE-2023-41266 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. It has the highest possible exploitability rating (3.9). The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and no impact on availability.
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
Products Associated with CVE-2023-41266
You can be notified by stack.watch whenever vulnerabilities like CVE-2023-41266 are published in these products:
What versions of Qlik Sense are vulnerable to CVE-2023-41266?
- Qlik Sense Version august_2022 patch_12 windows
- Qlik Sense Version august_2022 patch_11 windows
- Qlik Sense Version august_2022 patch_10 windows
- Qlik Sense Version august_2022 patch_9 windows
- Qlik Sense Version august_2022 patch_8 windows
- Qlik Sense Version august_2022 patch_7 windows
- Qlik Sense Version august_2022 patch_6 windows
- Qlik Sense Version august_2022 patch_5 windows
- Qlik Sense Version august_2022 patch_4 windows
- Qlik Sense Version august_2022 patch_3 windows
- Qlik Sense Version august_2022 patch_2 windows
- Qlik Sense Version august_2022 patch_1 windows
- Qlik Sense Version august_2022 - windows
- Qlik Sense Version november_2022 patch_10 windows
- Qlik Sense Version november_2022 patch_9 windows
- Qlik Sense Version november_2022 patch_8 windows
- Qlik Sense Version november_2022 patch_7 windows
- Qlik Sense Version november_2022 patch_6 windows
- Qlik Sense Version november_2022 patch_5 windows
- Qlik Sense Version november_2022 patch_4 windows
- Qlik Sense Version november_2022 patch_3 windows
- Qlik Sense Version november_2022 patch_2 windows
- Qlik Sense Version november_2022 patch_1 windows
- Qlik Sense Version november_2022 - windows
- Qlik Sense Version february_2023 patch_7 windows
- Qlik Sense Version february_2023 patch_6 windows
- Qlik Sense Version february_2023 patch_5 windows
- Qlik Sense Version february_2023 patch_4 windows
- Qlik Sense Version february_2023 patch_3 windows
- Qlik Sense Version february_2023 patch_2 windows
- Qlik Sense Version february_2023 patch_1 windows
- Qlik Sense Version february_2023 - windows
- Qlik Sense Version may_2023 patch_2 windows
- Qlik Sense Version may_2023 patch_1 windows
- Qlik Sense Version may_2023 - windows
- Qlik Sense Version may_2023 patch3 windows