PT-2024-4135 · Qlik · Qlik Sense Enterprise For Windows

Published: 2024-05-15 · Updated: 2024-07-03 · CVE-2024-36077

CVSS v2.0: 9.0 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

Qlik Sense Enterprise for Windows versions 14.67.7 through 14.187.3

Description

The issue is related to improper validation, allowing a remote attacker to elevate their privilege and execute commands on the server. This can lead to remote code execution. The vulnerability affects various patches of Qlik Sense Enterprise for Windows, and it has been fixed in later versions.

Recommendations

For versions 14.67.7 through 14.173.7, update to February 2024 Patch 4 (14.173.8) or later.
For versions 14.78.3 through 14.139.20, update to August 2023 Patch 14 (14.139.21) or later.
For versions 14.97.2 through 14.113.18, update to February 2023 Patch 14 (14.113.19) or later.
For versions 14.129.3 through 14.159.13, update to November 2023 Patch 9 (14.159.14) or later.
For version 14.187.3, update to May 2024 (14.187.4) or later.

As a temporary workaround, consider restricting access to the internal system role to minimize the risk of exploitation.

Fix

Improper Privilege Management

RCE

Weakness Enumeration

Related Identifiers

BDU:2024-04605
CVE-2024-36077

Affected Products

Qlik Sense Enterprise For Windows