{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-48365", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-02T21:30:34.616Z", "dateReserved": "2023-11-15T00:00:00", "datePublished": "2023-11-15T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-11-15T21:15:52.732093"}, "descriptions": [{"lang": "en", "value": "Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backend server that hosts the repository application. The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, and November 2021 Patch 17. NOTE: this issue exists because of an incomplete fix for CVE-2023-41265."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AC:L/AV:N/A:N/C:H/I:H/PR:L/S:C/UI:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T21:30:34.616Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:-:*:*:enterprise:windows:*:*", "matchCriteriaId": "41AEA1CA-D344-48DB-92D8-05D0EDC8487D", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_1:*:*:enterprise:windows:*:*", "matchCriteriaId": "FC12BB7A-366F-4EE2-AABF-19E83B5B9EC7", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_10:*:*:enterprise:windows:*:*", "matchCriteriaId": "5F601CFC-70D0-450B-AE49-058E6B887E15", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_11:*:*:enterprise:windows:*:*", "matchCriteriaId": "17E7F947-3322-46BB-9B89-689F1B792D89", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_12:*:*:enterprise:windows:*:*", "matchCriteriaId": "37AF6E89-73F0-49E8-82F4-08084A5EBE2A", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_13:*:*:enterprise:windows:*:*", "matchCriteriaId": "B633BE26-057C-403F-A4BB-270E1D709ADF", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_2:*:*:enterprise:windows:*:*", "matchCriteriaId": "E4C7CBBB-C6A0-460E-95DC-C1855826C7F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_3:*:*:enterprise:windows:*:*", "matchCriteriaId": "BD491E32-270C-452B-AC1E-FB8F509B916E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_4:*:*:enterprise:windows:*:*", "matchCriteriaId": "EDE2809B-4234-443E-9E6A-6B402D258617", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_5:*:*:enterprise:windows:*:*", "matchCriteriaId": "155F0D6F-2E4A-40E7-9145-7D130334466B", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_6:*:*:enterprise:windows:*:*", "matchCriteriaId": "D733F495-E0EF-4F25-8532-2773415EFB8B", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_7:*:*:enterprise:windows:*:*", "matchCriteriaId": "578092D7-0F52-45C1-B7E2-FC5AF86AB8ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_8:*:*:enterprise:windows:*:*", "matchCriteriaId": "1B3164BA-0BDB-41F9-B51C-4FB0489A125A", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_9:*:*:enterprise:windows:*:*", "matchCriteriaId": "E0D31C35-50DC-4CDF-AFD4-311EAF5BBBD0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2023:-:*:*:enterprise:windows:*:*", "matchCriteriaId": "34047E2B-26A8-46F4-A9FA-24E4C997AF58", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2023:patch_1:*:*:enterprise:windows:*:*", "matchCriteriaId": "3310512E-BDAA-46E4-925E-6BEF1E25417F", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:-:*:*:enterprise:windows:*:*", "matchCriteriaId": "24422FCB-D58E-4E00-A541-7557CFD9D30A", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_1:*:*:enterprise:windows:*:*", "matchCriteriaId": "050A35DF-46A5-4327-8A13-07D1DD3E4F49", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_10:*:*:enterprise:windows:*:*", "matchCriteriaId": "8E1D08FE-49DA-41B2-B562-4CC50BF6C361", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_11:*:*:enterprise:windows:*:*", "matchCriteriaId": "2ED9A41B-9E76-4B6E-BDB5-FEE969DEAFDD", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_12:*:*:enterprise:windows:*:*", "matchCriteriaId": "96E3A247-C5AD-4A84-855B-118386424087", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_13:*:*:enterprise:windows:*:*", "matchCriteriaId": "DDA98915-B4BA-4044-8404-2AFAB25EAA06", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_14:*:*:enterprise:windows:*:*", "matchCriteriaId": "F9DA8A45-9FEF-486E-AD6A-C5A9D15D0246", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_2:*:*:enterprise:windows:*:*", "matchCriteriaId": "AFCDA4AC-758E-4999-94B6-D3BA24F03BB1", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_3:*:*:enterprise:windows:*:*", "matchCriteriaId": "83547AC9-E4E6-4FF9-94CE-DDB32BF1D41F", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_4:*:*:enterprise:windows:*:*", "matchCriteriaId": "35881EDA-560B-4C5C-9388-EC44F4B89F83", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_5:*:*:enterprise:windows:*:*", "matchCriteriaId": "C090D35D-6ED8-406A-AC58-6A79280F52A9", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_6:*:*:enterprise:windows:*:*", "matchCriteriaId": "39DF7548-666A-4903-8785-7CD7295DA6E7", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_7:*:*:enterprise:windows:*:*", "matchCriteriaId": "F8467611-FF63-4154-AC76-ED7A876A46CD", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_8:*:*:enterprise:windows:*:*", "matchCriteriaId": "B6D680D9-1049-4CA5-9AFD-1EC5C6B0DC5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2022:patch_9:*:*:enterprise:windows:*:*", "matchCriteriaId": "E721B224-0A35-4A9B-BD44-5B127FF1E6E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:-:*:*:enterprise:windows:*:*", "matchCriteriaId": "95BBBA68-269F-4385-9D14-A736F2CD707E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_1:*:*:enterprise:windows:*:*", "matchCriteriaId": "E6E1046C-35F4-451A-BFF1-2FC6EB01B547", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_2:*:*:enterprise:windows:*:*", "matchCriteriaId": "D9AB037B-EE88-47CD-B387-42651CBAAFF9", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_3:*:*:enterprise:windows:*:*", "matchCriteriaId": "3D28B87A-B36A-428E-A93B-255CFD62036F", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_4:*:*:enterprise:windows:*:*", "matchCriteriaId": "9AD961D6-A315-493C-926F-1441E51C1742", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_5:*:*:enterprise:windows:*:*", "matchCriteriaId": "1EFEBD77-7968-4649-8E9B-DAB24DC36E64", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_6:*:*:enterprise:windows:*:*", "matchCriteriaId": "E6D033E6-C022-4C6B-9EAC-95ABF6CA9BA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_7:*:*:enterprise:windows:*:*", "matchCriteriaId": "761B402F-4E98-46A4-A8E3-87F167CF01D0", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_8:*:*:enterprise:windows:*:*", "matchCriteriaId": "5523F0D6-0017-4A1B-9A02-8108731DE05C", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_9:*:*:enterprise:windows:*:*", "matchCriteriaId": "5B1B9FCD-3499-4F0B-97FC-C693942FF0EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:-:*:*:enterprise:windows:*:*", "matchCriteriaId": "12C6F742-F9E3-4F02-9610-B187E8DF9B61", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_1:*:*:enterprise:windows:*:*", "matchCriteriaId": "9EE55EBA-35E6-4538-BA42-AB0AF18FBC78", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_10:*:*:enterprise:windows:*:*", "matchCriteriaId": "A32668D9-297C-443A-94BA-5EE404B56286", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_11:*:*:enterprise:windows:*:*", "matchCriteriaId": "4345AFA4-785C-4723-B7C5-0B1C74AFEB64", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_12:*:*:enterprise:windows:*:*", "matchCriteriaId": "778E7986-3F4E-4AA0-BBBD-FB2C454B8170", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_13:*:*:enterprise:windows:*:*", "matchCriteriaId": "F8822B86-2222-47B4-AE4B-A0E43523DAAB", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_14:*:*:enterprise:windows:*:*", "matchCriteriaId": "C8B23C50-2E46-4248-931F-CCFB6E96A115", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_15:*:*:enterprise:windows:*:*", "matchCriteriaId": "9C62E965-1663-419B-9C06-98655D4B0569", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_2:*:*:enterprise:windows:*:*", "matchCriteriaId": "E23565A3-34D2-40AA-8CB9-AB6EB4DDC776", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_3:*:*:enterprise:windows:*:*", "matchCriteriaId": "D2BCA144-1D99-48B4-B803-14049B14632B", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_4:*:*:enterprise:windows:*:*", "matchCriteriaId": "64E043EC-C2A5-47C8-85BC-190607E7798C", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_5:*:*:enterprise:windows:*:*", "matchCriteriaId": "035B8F10-67E0-4A73-863E-9A8C76C1EF9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_6:*:*:enterprise:windows:*:*", "matchCriteriaId": "4B40BC46-2A7E-4019-A0B1-6D3981ECB002", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_7:*:*:enterprise:windows:*:*", "matchCriteriaId": "CA7C07E6-AFEB-4A9A-B9E7-D0EFE34B4DCC", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_8:*:*:enterprise:windows:*:*", "matchCriteriaId": "C3DF6FC7-FB30-4A5C-A9E6-EB61DA00BB3A", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2022:patch_9:*:*:enterprise:windows:*:*", "matchCriteriaId": "12263319-ECAB-4AEA-B421-134A1816FF0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:-:*:*:enterprise:windows:*:*", "matchCriteriaId": "9E7034FB-5E64-47AD-B4A4-8428474C48C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:patch_1:*:*:enterprise:windows:*:*", "matchCriteriaId": "29158A06-3DE9-487B-9BC5-B4A690864F4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:patch_2:*:*:enterprise:windows:*:*", "matchCriteriaId": "272C2CFE-0D8E-46CE-92B6-2BA8658C951B", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:patch_3:*:*:enterprise:windows:*:*", "matchCriteriaId": "91DBE33A-C764-46E7-A86C-8F39A19A3B82", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:patch_4:*:*:enterprise:windows:*:*", "matchCriteriaId": "BD48FE50-4825-461E-BE3F-7740B8A5EC7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:patch_5:*:*:enterprise:windows:*:*", "matchCriteriaId": "57E86313-0DDA-4FBA-89EF-CAAAD27A38CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:-:*:*:enterprise:windows:*:*", "matchCriteriaId": "D8CB1637-AAF0-437A-A900-AA65D2D60299", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_1:*:*:enterprise:windows:*:*", "matchCriteriaId": "0EDF6498-65CF-4569-AA9B-03D0CB79421E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_10:*:*:enterprise:windows:*:*", "matchCriteriaId": "CB84D640-CAB6-4D91-9B24-B87F5FF07A26", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_11:*:*:enterprise:windows:*:*", "matchCriteriaId": "C96EAA46-482D-4322-A226-AB5BE8F61276", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_12:*:*:enterprise:windows:*:*", "matchCriteriaId": "A13C0501-7C14-4DFE-A3C4-941A479B5D7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_13:*:*:enterprise:windows:*:*", "matchCriteriaId": "C687581D-C6C2-49C9-8A7D-F9BD6E7EEC77", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_14:*:*:enterprise:windows:*:*", "matchCriteriaId": "CB16E82C-5C38-4364-B445-C30FBE429DF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_15:*:*:enterprise:windows:*:*", "matchCriteriaId": "B4B3A235-231D-4993-9FE5-51B460C4A4D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_16:*:*:enterprise:windows:*:*", "matchCriteriaId": "DB79992D-7897-42C3-A628-BE64F3727795", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_2:*:*:enterprise:windows:*:*", "matchCriteriaId": "4F9774E8-B376-4644-9EBA-151453142014", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_3:*:*:enterprise:windows:*:*", "matchCriteriaId": "91B6C3BC-0492-4C1A-A790-B859EA0752FA", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_4:*:*:enterprise:windows:*:*", "matchCriteriaId": "C5BEF48B-C704-4B65-92C2-5373F29073AB", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_5:*:*:enterprise:windows:*:*", "matchCriteriaId": "D7B66038-D625-40D3-9E5A-E3076D796A47", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_6:*:*:enterprise:windows:*:*", "matchCriteriaId": "67ED13F8-B452-4F90-A492-7D4AEE36A4DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_7:*:*:enterprise:windows:*:*", "matchCriteriaId": "FD56699E-78F3-4FC4-B6A5-8D4759B53DBC", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_8:*:*:enterprise:windows:*:*", "matchCriteriaId": "235E44C4-2B84-48DE-A534-6081F3DFDE17", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2021:patch_9:*:*:enterprise:windows:*:*", "matchCriteriaId": "19F7DE12-3456-4BE2-92B3-00F29C7E07F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:-:*:*:enterprise:windows:*:*", "matchCriteriaId": "72D56C24-9CEF-486B-8E46-6111D7B1676A", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_1:*:*:enterprise:windows:*:*", "matchCriteriaId": "338E52B2-AD7D-43F3-B707-E0E5976B269E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_10:*:*:enterprise:windows:*:*", "matchCriteriaId": "D216C67A-F124-49F0-90EA-B0C8B663D760", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_11:*:*:enterprise:windows:*:*", "matchCriteriaId": "81D4C015-A0D2-44E8-87B1-5CF790EFDBED", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_2:*:*:enterprise:windows:*:*", "matchCriteriaId": "FA68ADC7-9E20-4BD3-9235-6D76D4519512", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_3:*:*:enterprise:windows:*:*", "matchCriteriaId": "B41A9B8C-FAD3-46F1-8973-DF1FA408064B", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_4:*:*:enterprise:windows:*:*", "matchCriteriaId": "EE23F5BD-579C-488D-965A-AE916C32976A", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_5:*:*:enterprise:windows:*:*", "matchCriteriaId": "E9C90120-93D1-43B0-B541-F07EB8FD44EB", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_6:*:*:enterprise:windows:*:*", "matchCriteriaId": "450F236B-4673-403C-9E23-736C0ED92F6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_7:*:*:enterprise:windows:*:*", "matchCriteriaId": "D5E431DE-26E2-4DA2-AD0B-1479D0C95B98", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_8:*:*:enterprise:windows:*:*", "matchCriteriaId": "0D6F6570-970B-4E49-9D92-65FAFCC71360", "vulnerable": true}, {"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_9:*:*:enterprise:windows:*:*", "matchCriteriaId": "38116465-3485-44D3-9097-F2C821D8278F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. Due to improper validation of HTTP headers, a remote attacker is able to elevate their privilege by tunneling HTTP requests, allowing them to execute HTTP requests on the backend server that hosts the repository application. The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 2022 Patch 15, and November 2021 Patch 17. NOTE: this issue exists because of an incomplete fix for CVE-2023-41265."}, {"lang": "es", "value": "Qlik Sense Enterprise para Windows antes de agosto de 2023 El parche 2 permite la ejecuci\u00f3n remota de c\u00f3digo no autenticado, tambi\u00e9n conocido como QB-21683. Debido a una validaci\u00f3n inadecuada de los encabezados HTTP, un atacante remoto puede elevar su privilegio al canalizar las solicitudes HTTP, lo que le permite ejecutar solicitudes HTTP en el servidor backend que aloja la aplicaci\u00f3n del repositorio. Las versiones corregidas son el parche 2 de agosto de 2023, el parche 6 de mayo de 2023, el parche 10 de febrero de 2023, el parche 12 de noviembre de 2022, el parche 14 de agosto de 2022, el parche 16 de mayo de 2022, el parche 15 de febrero de 2022 y el parche 17 de noviembre de 2021. NOTA: este problema existe debido a una soluci\u00f3n incompleta para CVE-2023-41265."}], "id": "CVE-2023-48365", "lastModified": "2023-11-29T20:43:54.133", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 5.8, "source": "cve@mitre.org", "type": "Secondary"}]}, "published": "2023-11-15T22:15:28.027", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/tac-p/2120510"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-444"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}