Intrusion PreventionQlik.Sense.qmc.Path.Traversal
Description
This indicates an attack attempt to exploit a Directory Traversal Vulnerability in Qlik Sense Enterprise.
The vulnerability is due to insufficient input sanitization in the affected endpoint. A remote, unauthenticated attacker could exploit this vulnerability by sending a crafted request to the target server. Successful exploitation could result in privilege escalation and potential information disclosure on the target system.
Affected Products
Qlik Sense Enterprise for Windows version May 2023 Patch 3 and prior
Qlik Sense Enterprise for Windows version February 2023 Patch 7 and prior
Qlik Sense Enterprise for Windows version November 2022 Patch 10 and prior
Qlik Sense Enterprise for Windows version August 2022 Patch 12 and prior
Impact
Security Bypass: Remote attackers can bypass security checks of vulnerable systems.
Recommended Actions
Apply the most recent upgrade or patch from the vendor.
https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Status | Detail |
|---|---|---|---|
| 2024-07-25 | 28.833 |
Modified
|
Name:Qlik. Sense. qmc. Directory. Traversal:Qlik. Sense. qmc. Path. Traversal |
| 2024-05-01 | 27.778 |
Modified
|
Name:Qlik. Sense. qmc. Directory. Traversal. Vulnerability:Qlik. Sense. qmc. Directory. Traversal |
| 2023-12-27 | 26.703 |
Modified
|
Sig Added |
| 2023-12-14 | 26.696 |
Modified
|
Default_action:pass:drop |
| 2023-12-12 | 26.693 |
New
|
| ID | 54477 |
| Created | Dec 06, 2023 |
| Updated | Jul 23, 2024 |
| CVE ID | |
| Risk |
|
| Known Exploited | Yes |
| Exploit Prediction Score | 94.3% |
| Default Action | drop |
| Active | |
| Affected OS | Windows |
| Affected App | Other |
| Profile Type | Path Traversal |