PT-2024-9216 · Qlik · Qlik Sense Enterprise For Windows

Published: 2024-12-04 · Updated: 2024-12-14 · CVE-2024-55579

CVSS v3.1: 8.8 (High)
Vector: AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:R

Name of the Vulnerable Software and Affected Versions: Qlik Sense Enterprise for Windows versions prior to November 2024 IR
Description: A problem was discovered in Qlik Sense Enterprise for Windows that allows an unprivileged user with network access to create connection objects, potentially triggering the execution of arbitrary EXE files. This issue is related to errors in processing input data from a higher-level component, which could enable a remote attacker to execute arbitrary code by creating specially crafted connection objects.
Recommendations: For Qlik Sense Enterprise for Windows versions prior to November 2024 IR, update to the November 2024 IR or apply one of the following patches: May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, or February 2023 Patch 15. As a temporary workaround, consider restricting access to connection object creation to minimize the risk of exploitation.

Fix

Weakness Enumeration

Incorrect Authorization
Code Injection

Related Identifiers

BDU:2024-10904
BDU:2024-10982
CVE-2024-55579

Affected Products

Qlik Sense Enterprise For Windows