CVE-2024-36077

EPSS 1.07%
Veröffentlicht 22.05.2024 17:16:15
Zuletzt bearbeitet 21.11.2024 09:21:35
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Qlik Sense Enterprise for Windows before 14.187.4 allows a remote attacker to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024 Patch 3 (14.173.3 through 14.173.7), November 2023 Patch 8 (14.159.4 through 14.159.13), August 2023 Patch 13 (14.139.3 through 14.139.20), May 2023 Patch 15 (14.129.3 through 14.129.22), February 2023 Patch 13 (14.113.1 through 14.113.18), November 2022 Patch 13 (14.97.2 through 14.97.18), August 2022 Patch 16 (14.78.3 through 14.78.23), and May 2022 Patch 17 (14.67.7 through 14.67.31). This has been fixed in May 2024 (14.187.4), February 2024 Patch 4 (14.173.8), November 2023 Patch 9 (14.159.14), August 2023 Patch 14 (14.139.21), May 2023 Patch 16 (14.129.23), February 2023 Patch 14 (14.113.19), November 2022 Patch 14 (14.97.19), August 2022 Patch 17 (14.78.25), and May 2022 Patch 18 (14.67.34).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch das CVE Programm von Authorized Data Publishers (ADP) (Unstrukturiert)

Herstellerqlik

≫

Produkt qlik_sense

Default Statusaffected

Version february_2024

Status affected

Herstellerqlik

≫

Produkt qlik_sense

Default Statusaffected

Version november_2023

Status affected

Herstellerqlik

≫

Produkt qlik_sense

Default Statusaffected

Version august_2023

Status affected

Herstellerqlik

≫

Produkt qlik_sense

Default Statusaffected

Version may_2023

Status affected

Herstellerqlik

≫

Produkt qlik_sense

Default Statusaffected

Version february_2023

Status affected

Herstellerqlik

≫

Produkt qlik_sense

Default Statusaffected

Version november_2022

Status affected

Herstellerqlik

≫

Produkt qlik_sense

Default Statusaffected

Version may_2022

Status affected

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.07%	0.771

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cve@mitre.org	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://community.qlik.com/t5/Official-Support-Articles/High-Severity-Security-fixes-for-Qlik-Sense-Enterprise-for/ta-p/2452509

https://nvd.nist.gov/vuln/detail/CVE-2024-36077

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-36077

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-36077

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-36077