Unauthenticated Remote Code Execution Vulnerability in Qlik Sense Enterprise for Windows
CVE-2023-48365

9.9 CRITICAL

Key Information:

Vendor: Qlik
CVE Published: 15 November 2023

Badges

  • 📈 Score: 502
  • 💰 Ransomware
  • 👾 Exploit Exists
  • 🟣 EPSS 73%
  • 🦅 CISA Reported
  • 📰 News Worthy

What is CVE-2023-48365?

CVE-2023-48365 is a critical vulnerability in Qlik Sense Enterprise for Windows, a widely used data visualization and business intelligence platform. It allows an unauthenticated remote attacker to execute code on the backend server, which puts every organization that runs the product for critical data operations at risk. Successful exploitation can give an attacker access to, and control over, the data the platform holds, and from there lead to operational disruption and data breaches; it has in practice been used as an initial access vector for ransomware.

Technical Details

This vulnerability arises from improper validation of HTTP headers in Qlik Sense Enterprise for Windows prior to August 2023 Patch 2. A remote attacker can tunnel specially crafted HTTP requests through the front end to the backend server that hosts the repository application, which executes them with a higher privilege level than the attacker holds. The flaw exists because the fix for an earlier HTTP request tunneling vulnerability in the same product, CVE-2023-41265, was incomplete: a server that was patched only against that earlier CVE is still exposed. The practical consequence is that the installed patch level, not the presence of an earlier fix, is what has to be verified, and the relevant patch levels differ per release line.
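Because the fix ships as a different patch number on each Qlik Sense release line, version triage is easy to get wrong by eye. The following helper, added here as an illustration and not code from this page or from Qlik, parses Qlik's "Month Year Patch N" version strings and classifies an inventory against the fixed patch levels. The page itself only names August 2023 Patch 2; the other fixed versions in the list are the ones given in the NVD description of CVE-2023-48365 and should be confirmed against Qlik's own advisory before use. Hostnames in the sample inventory are made up, and the treatment of release lines newer than August 2023 as already containing the fix is an assumption.

```python
"""Triage Qlik Sense Enterprise for Windows release strings against the
patch levels that fix CVE-2023-48365.

Added illustration, not code from the page or from Qlik. The fixed-version
list below is the one given in the NVD description of CVE-2023-48365; the
page itself only names August 2023 Patch 2. Confirm the list against Qlik's
own advisory before using it for anything but a first pass.
"""
import re
from dataclasses import dataclass

# Qlik names releases "<Month> <Year>", optionally followed by "IR"
# (initial release) or "Patch <n>".
_MONTHS = {m: i for i, m in enumerate(
    ["january", "february", "march", "april", "may", "june", "july",
     "august", "september", "october", "november", "december"], start=1)}

_VERSION_RE = re.compile(
    r"^\s*([A-Za-z]+)\s+(\d{4})\s*(?:IR|Patch\s+(\d+))?\s*$", re.IGNORECASE)


@dataclass(frozen=True, order=True)
class QlikVersion:
    year: int
    month: int
    patch: int  # 0 means the initial release (IR)

    @property
    def line(self) -> tuple[int, int]:
        """The release line (year, month) a patch belongs to."""
        return (self.year, self.month)


def parse_version(text: str) -> QlikVersion:
    """Parse e.g. 'August 2023 Patch 2', 'May 2023 IR' or 'May 2023'."""
    m = _VERSION_RE.match(text)
    if not m or m.group(1).lower() not in _MONTHS:
        raise ValueError(f"unrecognised Qlik Sense version: {text!r}")
    month, year, patch = m.group(1).lower(), int(m.group(2)), m.group(3)
    return QlikVersion(year, _MONTHS[month], int(patch) if patch else 0)


# Earliest patch on each release line that carries the fix (per NVD; the
# page only states August 2023 Patch 2). Lines absent here received no fix.
FIXED_VERSIONS = tuple(parse_version(v) for v in (
    "August 2023 Patch 2", "May 2023 Patch 6", "February 2023 Patch 10",
    "November 2022 Patch 12", "August 2022 Patch 14", "May 2022 Patch 16",
    "February 2022 Patch 15", "November 2021 Patch 17",
))
_FIX_BY_LINE = {f.line: f.patch for f in FIXED_VERSIONS}
_NEWEST_FIXED_LINE = max(f.line for f in FIXED_VERSIONS)


def assess(installed: str) -> str:
    """Return 'patched', 'vulnerable' or 'unsupported' for one server.

    'unsupported' means the release line is older than any line that
    received a fix, so the only remediation is an upgrade.
    """
    v = parse_version(installed)
    if v.line in _FIX_BY_LINE:
        return "patched" if v.patch >= _FIX_BY_LINE[v.line] else "vulnerable"
    if v.line > _NEWEST_FIXED_LINE:
        # Assumption: release lines shipped after the fix already contain it.
        return "patched"
    return "unsupported"


def triage(inventory: dict[str, str]) -> dict[str, list[str]]:
    """Group hostnames by status. Input maps hostname -> version string."""
    groups: dict[str, list[str]] = {"patched": [], "vulnerable": [], "unsupported": []}
    for host, version in sorted(inventory.items()):
        groups[assess(version)].append(host)
    return groups


if __name__ == "__main__":
    # Constructed sample inventory; hostnames and versions are made up.
    sample = {
        "qs-prod-01": "August 2023 Patch 2",
        "qs-prod-02": "May 2023 Patch 4",
        "qs-dev-01": "November 2023 IR",
        "qs-legacy-01": "May 2021 Patch 10",
    }
    for status, hosts in triage(sample).items():
        print(f"{status:12s} {', '.join(hosts) or '-'}")
```

The comparison is done per release line on purpose: "May 2023 Patch 4" is newer in calendar terms than "February 2023 Patch 10" but still vulnerable, because its line needs Patch 6. Anything the parser does not recognise raises rather than silently landing in a bucket, which is the safer failure for an inventory check.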

Potential Impact of CVE-2023-48365

  1. Unauthorized Remote Code Execution: Attackers can execute arbitrary code on the server, potentially leading to total control over the affected systems and applications.

  2. Data Compromise: This vulnerability can facilitate unauthorized access to sensitive data, resulting in data breaches that can have legal, financial, and reputational repercussions for organizations.

  3. Operational Disruptions: The exploitation of this vulnerability could lead to significant downtime or disruption of services, hindering an organization's ability to operate efficiently and serve its customers.

CISA has reported CVE-2023-48365

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitors the most dangerous vulnerabilities and has added CVE-2023-48365 to its Known Exploited Vulnerabilities catalog as being exploited in the wild and as known to enable ransomware campaigns.

CISA's recommendation is: apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.

News Articles

Shadowserver (@shadowserver.bsky.social)

Attention: we are sharing a one-off special report on Cactus ransomware group campaign targeting Qlik Sense (data viz & business intelligence tool): https://shadowserver.org/what-we-do/network-reporting/critical-vulnerable-compromised-qlik-sense-special-report/ 2894 IPs found vulnerable to CVE-2023...

CACTUS Ransomware Exploits Qlik Sense Vulnerabilities in Targeted Attacks

A CACTUS ransomware campaign has been observed exploiting vulnerabilities in the Qlik Sense cloud analytics and business intelligence platform.

EPSS Score

73% chance of being exploited in the next 30 days.

CVSS V3.1

Score: 9.9
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Note that the recorded vector carries Privileges Required: Low even though the vulnerability description calls the flaw unauthenticated; for exposure assessment, treat any Qlik Sense front end reachable over the network as in scope and rely on the patch level rather than on the PR metric.

Timeline

  • 💰 Used in Ransomware
  • 👾 Exploit known to exist
  • 🦅 CISA Reported
  • 📰 First article discovered by The Hacker News
  • Vulnerability published
  • Vulnerability Reserved
