Products
Qlik Sense Enterprise for Windows
- before 14.187.4
- February 2024 Patch 3 (14.173.3 - 14.173.7)
- November 2023 Patch 8 (14.159.4 - 14.159.13)
- August 2023 Patch 13 (14.139.3 - 14.139.20)
- May 2023 Patch 15 (14.129.3 - 14.129.22)
- February 2023 Patch 13 (14.113.1 - 14.113.18)
- November 2022 Patch 13 (14.97.2 - 14.97.18)
- August 2022 Patch 16 (14.78.3 - 14.78.23)
- May 2022 Patch 17 (14.67.7 - 14.67.31)
Qlik Sense Enterprise for Windows
- 14.173.3 - 14.187.4
- 14.67.7 - 14.67.31
Source
cve@mitre.org
Tags
CVE-2024-36077 details
Last Modified : May 22, 2024, 6:59 p.m.
Description
Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024 Patch 3 (14.173.3 through 14.173.7), November 2023 Patch 8 (14.159.4 through 14.159.13), August 2023 Patch 13 (14.139.3 through 14.139.20), May 2023 Patch 15 (14.129.3 through 14.129.22), February 2023 Patch 13 (14.113.1 through 14.113.18), November 2022 Patch 13 (14.97.2 through 14.97.18), August 2022 Patch 16 (14.78.3 through 14.78.23), and May 2022 Patch 17 (14.67.7 through 14.67.31). This has been fixed in May 2024 (14.187.4), February 2024 Patch 4 (14.173.8), November 2023 Patch 9 (14.159.14), August 2023 Patch 14 (14.139.21), May 2023 Patch 16 (14.129.23), February 2023 Patch 14 (14.113.19), November 2022 Patch 14 (14.97.19), August 2022 Patch 17 (14.78.25), and May 2022 Patch 18 (14.67.34).
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8.8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
8.8
Exploitability Score
Impact Score
Base Severity
HIGH
Vector String : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
References
URL | Source |
---|---|
https://community.qlik.com/t5/Official-Support-Articles/High-Severity-Security-fixes-for-Qlik-Sense-Enterprise-for/ta-p/2452509 | cve@mitre.org |