An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, and February 2023 Patch 15.
Metrics
Affected Vendors & Products
References
History
Tue, 10 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-863 | |
Metrics |
ssvc
|
Mon, 09 Dec 2024 03:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | An issue was discovered in Qlik Sense Enterprise for Windows before November 2024 IR. An unprivileged user with network access may be able to create connection objects that trigger execution of arbitrary EXE files. This is fixed in November 2024 IR, May 2024 Patch 10, February 2024 Patch 14, November 2023 Patch 16, August 2023 Patch 16, May 2023 Patch 18, and February 2023 Patch 15. | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-12-09T00:00:00
Updated: 2024-12-17T04:55:16.102Z
Reserved: 2024-12-09T00:00:00
Link: CVE-2024-55579
Vulnrichment
Updated: 2024-12-10T14:29:35.368Z
NVD
Status : Awaiting Analysis
Published: 2024-12-09T03:15:05.197
Modified: 2024-12-10T15:15:08.163
Link: CVE-2024-55579
Redhat
No data.