COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-41265

CVE-2023-41265

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2023-12-07
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-41265
⌖ exploited in the wild shame 80/100 ransomwareexploited-in-wild

Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

Players implicated

Qlik Technologies Inc. · vendorSense · product

Description

Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

Affected FedRAMP products 1 in the catalog

ProductProviderStatusMatch
Qlik Cloud Government Qlik Technologies Inc. Authorized vendor-exact · 0.90