Advisory: Qlik Sense Enterprise for Windows Remote Code Execution Vulnerabilities

Advisory: Qlik Sense Enterprise Remote Code Execution

In an effort to safeguard our customers, we perform proactive vulnerability research with the goal of identifying zero-day vulnerabilities in applications that are likely to impact the security of leading organizations. Recently, we discovered two vulnerabilities which can be chained together to achieve unauthenticated remote code execution on Qlik Sense Enterprise.

At the moment, we are waiting to publish technical details on the vulnerability to give impacted organizations time to update their systems and remediate the vulnerability. Disclosing further details at this time could put at risk the over six thousand externally facing instances of the application we discovered, including a large number of Fortune 500 companies, military, and government entities with self-hosted externally facing instances of Qlik Sense Enterprise. Praetorian has worked closely with Qlik to responsibly disclose these vulnerabilities, CVE-2023-41265 (HTTP Tunneling Vulnerability in Qlik Sense Enterprise for Windows) and CVE-2023-41266 (Path Traversal in Qlik Sense Enterprise for Windows).

Product Description

Qlik Sense is a business data analytics platform used for data visualization and analysis.

Impact

Exploiting these vulnerabilities allows an unauthenticated attacker to achieve full remote code execution and full administrative privileges within the impacted Qlik Sense instance.

When will Praetorian publish technical details?

We plan on publishing the full technical details of the vulnerability at a later date. At the moment we plan on withholding these technical details to increase the amount of time an attacker would need to develop a fully automated exploit to exploit this issue at scale and give impacted organizations time to patch their Qlik Sense Enterprise instances.

How do I know if my organization is at risk?

Praetorian is proactively reaching out to impacted organizations with public vulnerability disclosure and/or bug bounty programs along with current and former Praetorian customers where we have determined these organizations are running instances of the application through internet-wide scanning data.

The best defense is a proactive one. Understanding your attack surface better and taking proactive steps to reduce exposures and better assess the impact of new vulnerabilities is a critical step of this process. If you’d like to know how the Chariot offensive security platform can help you stay one step ahead of attackers, please don’t hesitate to contact us for a demo.

 

 

icon-praetorian-

See Praetorian in Action

Request a 30-day free trial of our Managed Continuous Threat Exposure Management solution.

About the Authors

Adam Crosser

Adam Crosser

Adam is an operator on the red team at Praetorian. He is currently focused on conducting red team operations and capabilities development.

Catch the Latest

Catch our latest exploits, news, articles, and events.

Ready to Discuss Your Next Continuous Threat Exposure Management Initiative?

Praetorian’s Offense Security Experts are Ready to Answer Your Questions