NVD disclosure day

Published threat advisories for August 29, 2023

CVE-2023-41266

Qlik Sense Path Traversal Vulnerability Allows Unauthorized Access.

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

A path traversal vulnerability in Qlik Sense Enterprise for Windows allowed unauthenticated remote attackers to create anonymous sessions. This could enable attackers to send requests to unauthorized endpoints, potentially leading to unauthorized access to data or system functions. This vulnerability is known to be exp

NVD published: August 29, 2023 • CISA KEV

CVE advisoryKnown Exploit

CVE-2023-41265

Qlik Sense Privilege Escalation via HTTP Tunneling

Halo Surface Signal: 4 out of 5 — likely to be public-facing.

An HTTP Request Tunneling vulnerability in Qlik Sense Enterprise for Windows allows attackers to escalate privileges. This could enable unauthorized command execution on the backend server, impacting data and operations. Affected organizations should apply vendor updates.

NVD published: August 29, 2023 • CISA KEV