← Back

CVE-2023-41265

nvd nistnuclei
Published: Aug 29, 2023Modified: Oct 31, 2025CISA KEV

JSON object

Loading...
9.9
Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability: 3.1 / Impact: 6.0
Source: NVD

Description

An HTTP Request Tunneling vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows a remote attacker to elevate their privilege by tunneling HTTP requests in the raw HTTP request. This allows them to send requests that get executed by the backend server hosting the repository application. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13.

Affected (36)

Products: Qlik: Qlik Sense
Qlik
1 product
Qlik Sense
Configuration A
36 vulnerable
Vulnerable SoftwareAffected Versions
Qlik
Qlik Sense
Version august_2022
Qlik Sense
Version august_2022 patch_10
Qlik Sense
Version august_2022 patch_11
Qlik Sense
Version august_2022 patch_12
Qlik Sense
Version august_2022 patch_1
Qlik Sense
Version august_2022 patch_2
Qlik Sense
Version august_2022 patch_3
Qlik Sense
Version august_2022 patch_4
Qlik Sense
Version august_2022 patch_5
Qlik Sense
Version august_2022 patch_6
Qlik Sense
Version august_2022 patch_7
Qlik Sense
Version august_2022 patch_8
Qlik Sense
Version august_2022 patch_9
Qlik Sense
Version february_2023
Qlik Sense
Version february_2023 patch_1
Qlik Sense
Version february_2023 patch_2
Qlik Sense
Version february_2023 patch_3
Qlik Sense
Version february_2023 patch_4
Qlik Sense
Version february_2023 patch_5
Qlik Sense
Version february_2023 patch_6
Qlik Sense
Version february_2023 patch_7
Qlik Sense
Version may_2023
Qlik Sense
Version may_2023 patch3
Qlik Sense
Version may_2023 patch_1
Qlik Sense
Version may_2023 patch_2
Qlik Sense
Version november_2022
Qlik Sense
Version november_2022 patch_10
Qlik Sense
Version november_2022 patch_1
Qlik Sense
Version november_2022 patch_2
Qlik Sense
Version november_2022 patch_3
Qlik Sense
Version november_2022 patch_4
Qlik Sense
Version november_2022 patch_5
Qlik Sense
Version november_2022 patch_6
Qlik Sense
Version november_2022 patch_7
Qlik Sense
Version november_2022 patch_8
Qlik Sense
Version november_2022 patch_9

Related CWEs

CWE-444
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling')
The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities such as a client and server, but it does not interpret malformed HTTP requests or responses in ways that are consistent with how the messages will be processed by those entities that are at the ultimate destination.

References (5)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
Release Notes
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
US Government Resource

Timeline

No history available yet.