Qlik has recognized crucial vulnerabilities in its Qlik Sense Enterprise for Home windows software program that would result in distant code execution (RCE) if exploited. Safety patches have been launched to mitigate these dangers and guarantee system integrity.
The vulnerabilities, found throughout Qlik’s inside safety testing, pose a major menace to techniques working Qlik Sense Enterprise for Home windows.
If an attacker efficiently exploits these flaws, they might achieve management of the server, execute unauthorized instructions, and compromise knowledge confidentiality and integrity. Luckily, there have been no studies of those vulnerabilities being exploited maliciously. Nonetheless, instant motion is required to mitigate the dangers.
Leveraging 2024 MITRE ATT&CK Outcomes for SME & MSP Cybersecurity Leaders – Attend Free Webinar
Vulnerability Particulars
- Distant Code Execution (RCE) by way of Connectors
- CVE-pending (QB-29918, QB-29750)
- Severity: Excessive (CVSS Rating: 8.8)
- Description: Unprivileged customers with community entry can doubtlessly create connection objects that set off the execution of arbitrary executable recordsdata.
- Damaged Entry Management (BAC)
- CVE-pending (QB-29586, QB-29864, QB-29482, QB-29802)
- Severity: Excessive (CVSS Rating: 7.5)
- Description: These vulnerabilities could permit unauthorized customers to execute distant instructions, risking the supply, integrity, and confidentiality of the system.
Affected Software program
| Model | Influence |
| Could 2024 Patch 9 | Weak |
| February 2024 Patch 13 | Weak |
| November 2023 Patch 15 | Weak |
| August 2023 Patch 15 | Weak |
| Could 2023 Patch 17 | Weak |
| February 2023 Patch 14 | Weak |
To deal with these vulnerabilities, customers are suggested to improve to fastened variations of Qlik Sense Enterprise for Home windows instantly.
The really useful updates embody November 2024 Preliminary Launch, Could 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, Could 2023 Patch 18, and February 2023 Patch 15. The patches resolve the problems, guaranteeing system safety and stability.
Moreover, a workaround has been offered for extension and visualization errors by modifying the Repository configuration file. This workaround could be utilized earlier than or after the improve for these presently going through visualization-related challenges.
To make sure your system is protected towards exploitation, obtain the patched variations from the official Qlik Obtain web page (buyer login required).
Prospects are strongly inspired to use these updates promptly and attain out to Qlik Assist if help is required. Prioritizing these fixes will stop potential compromise of your Qlik Sense Enterprise servers.
Analyse Actual-World Malware & Phishing Assaults With ANY.RUN - Stand up to three Free Licenses