🔴 CVE-2023-48365

CVE-2023-48365 is an unauthenticated remote code execution vulnerability in Qlik Sense Enterprise for Windows caused by improper HTTP header validation. Attackers can tunnel HTTP requests to execute commands on the backend repository server, leading to complete system compromise.

Risk Level: HIGH_RISK

CVSS Score: 9.6

Attack Vector: NETWORK

ATT&CK Tactic: Initial Access

ATT&CK Technique: T1190 — Exploit Public-Facing Application

Deployment Risk: HIGH

Ransomware: Yes (+507d)

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: DIRECT_NETWORK

CVE Published: 2023-11-15

Added to CISA KEV: 2025-01-13 (425 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2023-48365 is a critical security vulnerability affecting Qlik Sense Enterprise for Windows [1] [6]. It stems from an incomplete fix for a previous vulnerability, CVE-2023-41265 [1] [5].

Key Details

| Feature | Description |
| --- | --- |
| Vulnerability Type | Unauthenticated Remote Code Execution (RCE) [1] |
| Exploitation Method | Improper validation of HTTP headers allows an attacker to tunnel HTTP requests to the backend server hosting the repository application [1] |
| Requirements | Network access; no authentication or user interaction is required [1] [4] |
| Impact | Full control over the backend server, enabling malware deployment, data exfiltration, or lateral movement [4] |

Exploitation and Threat Actor Activity
  • Active Exploitation: The vulnerability has been observed being exploited in the wild [5].
  • Ransomware Campaigns: It has been specifically linked to ransomware campaigns, including the Cactus ransomware group, which leveraged this vulnerability to compromise systems [2].

Affected Versions and Mitigation
  • Affected Versions: All versions of Qlik Sense Enterprise for Windows prior to the August 2023 Patch 2 release are impacted [1].
  • Patch Status: The vulnerability is resolved in the following patch releases [1]:
      * August 2023 Patch 2
      * May 2023 Patch 6
      * February 2023 Patch 10
      * November 2022 Patch 12
      * August 2022 Patch 14
      * May 2022 Patch 16
      * February 2022 Patch 15
      * November 2021 Patch 17

Administrators are advised to ensure their instances are updated to these or later versions to mitigate the risk of exploitation [3].

Sources

  1. CVE-2023-48365 Detail - NVD

    Description. Qlik Sense Enterprise for Windows before August 2023 Patch 2 allows unauthenticated remote code execution, aka QB-21683. ... The fixed versions are August 2023 Patch 2, May 2023 Patch 6, February 2023 Patch 10, November 2022 Patch 12, August 2022 Patch 14, May 2022 Patch 16, February 20…

  2. CVE-2023-48365 - Exploits & Severity - Feedly

    Impact Unauthenticated remote attackers with low privileges can gain network access to exploit this vulnerability with low attack complexity. Successful exploitation allows attackers to achieve complete system compromise with high impact to confidentiality, integrity, and availability across changed…

  3. CVE-2023-48365 - Unauthenticated remote code execution...

    Unauthenticated remote code execution vulnerability in Qlik Sense Enterprise for Windows prior to August 2023 Patch 2 due to improper HTTP header validation, pe.Verify and validate: Confirm the patch is installed on all instances by checking version/build numbers; restart affected services as requir…

  4. Qlik Sense Enterprise for Windows Pre-Auth RCE | Armis

    CVE-2023-48365 is a critical pre-authentication remote code execution (RCE) vulnerability affecting Qlik Sense Enterprise for Windows. Impact and blast radius: successful exploitation of CVE-2023-48365 grants attackers full control over the backend server, potentially allowing them to deploy malware…

  5. Critical Security Updates Released for Qlik Sense Enterprise for ...

    The third vulnerability, CVE-2023-48365, is rated as critical, and exists due to an incomplete fix for CVE-2023-41265. Exploitation in the wild of CVE-20…

  6. Critical Security fixes for Qlik Sense Enterprise for Windows (CVE ...

    This vulnerability could lead to a compromise of the server running the Qlik Sense software, including unauthenticated remote code execution (RCE). ... If successfully exploited, this vulnerability could lead to a compromise of the server running the Qlik Sense software, including unauthenticated re…