CVE-2023-41265

NVD Published Date: August 29, 2023 at 11:15 PM
NVD Last Modified: September 08, 2023 at 01:59 PM
Vulnerability ID
CVE-2023-41265
Severity
CRITICAL
Severity Score
9.9
Summary
An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.
Mitigation and Patches
-
Metasploit Payload
-
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CWE ID
CWE-444
