PT-2023-6923 · Qlik · Qlik Sense Enterprise For Windows

Published 2023-11-15 · Updated 2026-02-03 · CVE-2023-48365

CVSS v3.1: 9.9 (Critical)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Qlik Sense Enterprise for Windows versions prior to August 2023 Patch 2

Description: The issue is caused by improper validation of HTTP headers, which allows a remote attacker to elevate their privileges by tunneling HTTP requests and to execute HTTP requests on the backend server that hosts the repository application. It is estimated that 11,185 exposed Qlik Sense instances are online, and the vulnerability is being actively exploited.

Recommendations: To resolve the issue, update Qlik Sense Enterprise for Windows to August 2023 Patch 2 or later. As a temporary workaround, restrict access to the vulnerable HTTP endpoints until the patch is applied. Avoid using vulnerable versions of Qlik Sense Enterprise for Windows until they have been updated to a patched version.

Fix · RCE

Weakness Enumeration: Special Elements Injection; HTTP Request/Response Smuggling

Related Identifiers: BDU:2023-07942; CVE-2023-48365

Affected Products: Qlik Sense Enterprise For Windows