CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Dec 28, 2023

High

CISA KEVRansomware

CVE-2023-41266

Qlik—Sense

Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.

Required Action

https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801 ; https://nvd.nist.gov/vuln/detail/CVE-2023-41266

Vulnerability Overview

Severity: High
CISA KEV: Yes
Ransomware: Known
Published: Dec 7, 2023
KEV Added: Dec 7, 2023
Due Date: Dec 28, 2023
Related Articles: 0

Vendor

Qlik

Sense