Unprivileged Users Can Execute Remote Commands, Risks High Availability Damages
CVE-2024-55580

7.5HIGH

Key Information:

Vendor: Qlik Sense Enterprise
Vendor: CVE Published:; 9 December 2024

🔔 Create Qlik Sense Enterprise Vulnerability Alert

What is CVE-2024-55580?

A vulnerability in Qlik Sense Enterprise for Windows prior to the November 2024 IR has been identified, allowing unprivileged users with network access to execute remote commands. This presents significant risks to both system integrity and confidentiality. The potential for high availability impacts raises concerns for organizations using the affected product. Mitigation is available through updates and patches provided by Qlik, including those released in subsequent months leading up to November 2024.

References

https://community.qlik.com/t5/Official-Support-Articles/H...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Dec 9, 2024