PT-2024-9294 · Qlik · Qlik Sense Enterprise For Windows

Published: 2024-12-04 · Updated: 2024-12-14 · CVE-2024-55580

CVSS v2.0: 7.6 (High)

Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Qlik Sense Enterprise for Windows versions prior to November 2024 IR
Description: The issue allows unprivileged users with network access to execute remote commands, potentially with a high impact on availability, integrity, and confidentiality. The cause is incorrect management of code generation (code injection). The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents in which this issue was exploited.
Recommendations: For Qlik Sense Enterprise for Windows versions prior to November 2024 IR, apply the November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, or February 2023 Patch 15 to resolve the issue. As a temporary workaround, consider restricting network access to prevent unprivileged users from executing remote commands.

Fix

Code Injection

Weakness Enumeration

Related Identifiers

BDU:2024-10982
CVE-2024-55580

Affected Products

Qlik Sense Enterprise For Windows