Overview: In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities that are likely to impact the security of leading organizations. Recently, we decided to take a look at Qlik Sense Enterprise, a data analytics solution similar to Tableau. The recent exploitation of vulnerabilities in the […]| Praetorian
Overview: On August 29th, 2023, Qlik issued a patch for two vulnerabilities we identified in Qlik Sense Enterprise, CVE-2023-41265 and CVE-2023-41266. These vulnerabilities allowed for unauthenticated remote code execution via path traversal and HTTP request tunneling. As part of our standard operating procedure, we performed a diff of the issued patch to identify potential bypasses […]| Praetorian
Unified Endpoint Management & Security solutions help ensure efficient device management & strong cybersecurity. Learn more about ManageEngine's UEMS Solutions!| www.manageengine.com
References to Advisories, Solutions, and Tools| nvd.nist.gov
Edited August 30th, 15:55 CET: Added clarification on older Qlik Sense Enterprise on Windows versions. Edited August 31st, 13:10 CET: Added clarification on possible workarounds (none exist) as well as information regarding what authentication methods (all) are affected and that HTTP and HTTPS are im...| community.qlik.com
Arctic Wolf has recently worked multiple incident response cases where we have observed ransomware groups exploiting CVE-2023-41265, CVE-2023-41266 & CVE-2023-48365 to gain initial access.| Arctic Wolf
Executive Summary: A security issue in Qlik Sense Enterprise for Windows has been identified, and patches have been made available. If successfully exploited, this vulnerability could lead to a compromise of the server running the Qlik Sense software, including unauthenticated remote code execution ...| community.qlik.com
Qlik Sense offers modern analytics that empowers users at all skill levels to uncover insights and trigger actions when it matters. Go beyond the dashboard.| Qlik
Download PuTTY: latest release (0.83)| www.chiark.greenend.org.uk