CVE Tracker

CVE ID	Severity	EPSS	Vendor	Description	Date	Status
CVE-2023-48365	High	64.2%	QlikSense	Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.	Jan 13, 2025	KEV
CVE-2023-41266	High	94.3%	QlikSense	Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.	Dec 7, 2023	KEV
CVE-2023-41265	High	92.5%	QlikSense	Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.	Dec 7, 2023	KEV

CVE-2023-48365KEV

High

Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

QlikEPSS 64.2%

CVE-2023-41266KEV

High

Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.

QlikEPSS 94.3%

CVE-2023-41265KEV

High

Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

QlikEPSS 92.5%