Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cve[email protected]CVE-2023-41266
HistoryAug 29, 2023 - 11:15 p.m.

CVE-2023-41266

2023-08-2923:15:09
CWE-20
[email protected]
web.nvd.nist.gov
127
In Wild
20
cve-2023
qlik sense
windows
path traversal
vulnerability
security
nvd

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.874 High

EPSS

Percentile

98.7%

JSON

A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.

Affected configurations

NVD
Node
qlikqlik_senseMatchaugust_2022-enterprisewindows
OR
qlikqlik_senseMatchaugust_2022patch_1enterprisewindows
OR
qlikqlik_senseMatchaugust_2022patch_10enterprisewindows
OR
qlikqlik_senseMatchaugust_2022patch_11enterprisewindows
OR
qlikqlik_senseMatchaugust_2022patch_12enterprisewindows
OR
qlikqlik_senseMatchaugust_2022patch_2enterprisewindows
OR
qlikqlik_senseMatchaugust_2022patch_3enterprisewindows
OR
qlikqlik_senseMatchaugust_2022patch_4enterprisewindows
OR
qlikqlik_senseMatchaugust_2022patch_5enterprisewindows
OR
qlikqlik_senseMatchaugust_2022patch_6enterprisewindows
OR
qlikqlik_senseMatchaugust_2022patch_7enterprisewindows
OR
qlikqlik_senseMatchaugust_2022patch_8enterprisewindows
OR
qlikqlik_senseMatchaugust_2022patch_9enterprisewindows
OR
qlikqlik_senseMatchfebruary_2023-enterprisewindows
OR
qlikqlik_senseMatchfebruary_2023patch_1enterprisewindows
OR
qlikqlik_senseMatchfebruary_2023patch_2enterprisewindows
OR
qlikqlik_senseMatchfebruary_2023patch_3enterprisewindows
OR
qlikqlik_senseMatchfebruary_2023patch_4enterprisewindows
OR
qlikqlik_senseMatchfebruary_2023patch_5enterprisewindows
OR
qlikqlik_senseMatchfebruary_2023patch_6enterprisewindows
OR
qlikqlik_senseMatchfebruary_2023patch_7enterprisewindows
OR
qlikqlik_senseMatchmay_2023-enterprisewindows
OR
qlikqlik_senseMatchmay_2023patch_1enterprisewindows
OR
qlikqlik_senseMatchmay_2023patch_2enterprisewindows
OR
qlikqlik_senseMatchmay_2023patch3enterprisewindows
OR
qlikqlik_senseMatchnovember_2022-enterprisewindows
OR
qlikqlik_senseMatchnovember_2022patch_1enterprisewindows
OR
qlikqlik_senseMatchnovember_2022patch_10enterprisewindows
OR
qlikqlik_senseMatchnovember_2022patch_2enterprisewindows
OR
qlikqlik_senseMatchnovember_2022patch_3enterprisewindows
OR
qlikqlik_senseMatchnovember_2022patch_4enterprisewindows
OR
qlikqlik_senseMatchnovember_2022patch_5enterprisewindows
OR
qlikqlik_senseMatchnovember_2022patch_6enterprisewindows
OR
qlikqlik_senseMatchnovember_2022patch_7enterprisewindows
OR
qlikqlik_senseMatchnovember_2022patch_8enterprisewindows
OR
qlikqlik_senseMatchnovember_2022patch_9enterprisewindows

Social References

More

Related

cisa_kev 1
cvelist 1
nvd 1
nuclei 1
prion 1
attackerkb 1
nessus 1
thn 1
cisa_kev
cisa_kev
Qlik Sense Path Traversal Vulnerability
2023-12-07 00:00:00
cvelist
cvelist
CVE-2023-41266
2023-08-29 00:00:00
nvd
nvd
CVE-2023-41266
2023-08-29 23:15:09
nuclei
nuclei
Qlik Sense Enterprise - Path Traversal
2023-12-13 15:36:37
prion
prion
Path traversal
2023-08-29 23:15:00
attackerkb
attackerkb
CVE-2023-41266
2023-08-29 00:00:00
nessus
nessus
Qlik Sense Enterprise Multiple Vulnerabilities
2023-12-08 00:00:00
thn
thn
CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks
2023-11-30 11:16:00

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

6.9 Medium

AI Score

Confidence

High

0.874 High

EPSS

Percentile

98.7%

JSON
Related for CVE-2023-41266
cisa_kev1cvelist1nvd1nuclei1prion1attackerkb1nessus1thn1