Unprivileged Users Can Execute Remote Commands, Risking High Availability Impact
CVE-2024-55580

7.5 HIGH

Key Information:

Vendor
CVE Published: 9 December 2024

What is CVE-2024-55580?

A vulnerability in Qlik Sense Enterprise for Windows versions prior to the November 2024 IR allows unprivileged users with network access to execute remote commands. This presents significant risks to both system integrity and confidentiality, and the availability impact is also rated High, which raises concerns for organizations using the affected product. Mitigation is available through updates and patches provided by Qlik, including patches released in the months leading up to November 2024.

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
