COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2023-41266

CVE-2023-41266

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2023-12-07
Reference
https://nvd.nist.gov/vuln/detail/CVE-2023-41266
⌖ exploited in the wild shame 80/100 ransomwareexploited-in-wild

Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.

Players implicated

Qlik Technologies Inc. · vendorSense · product

Description

Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.

Affected FedRAMP products 1 in the catalog

ProductProviderStatusMatch
Qlik Cloud Government Qlik Technologies Inc. Authorized vendor-exact · 0.90