Qlik Sense Enterprise Auth Bypass (CVE-2023-41266) - Vulnerability Database

Qlik Sense Enterprise Auth Bypass (CVE-2023-41266)

Description

Qlik Sense Enterprise has an authentication bypass vulnerability. An attacker can bypass the authentication with a specially crafted path and get an anonymous session.

Remediation

Upgrade to the latest version of Qlik Sense

References

Critical Security fixes for Qlik Sense Enterprise for Windows (CVE-2023-41266, CVE-2023-41265)

ZeroQlik: Achieving Unauthenticated Remote Code Execution via HTTP Request Tunneling and Path Traversal

Related Vulnerabilities

Severity

High

Classification

CVE-2023-41266

CWE-20

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:L/VA:N/SC:N/SI:N/SA:N