CVE-2023-41266 - Qlik Sense Path Traversal Vulnerability
项目:Qlik
产品:Sense
添加日期:2023-12-07到期日:2023-12-28最后更新:June 21, 2025
漏洞名称
Qlik Sense Path Traversal Vulnerability
描述
Qlik Sense contains a path traversal vulnerability that allows a remote, unauthenticated attacker to create an anonymous session by sending maliciously crafted HTTP requests. This anonymous session could allow the attacker to send further requests to unauthorized endpoints.
已知用于勒索软件活动吗?
Known
采集行动
Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
其他说明
https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801
https://nvd.nist.gov/vuln/detail/CVE-2023-41266