High Severity Security fixes for Qlik Sense Enterprise for Windows (CVE-2024-55579 and CVE-2024-55580)

Published on 18.12.2024

A security issue in Qlik Sense Enterprise for Windows has been identified, and patches have been made available.

Qlik Security Fix

If successfully exploited, this vulnerability could lead to a compromise of the server running the Qlik Sense software, including remote code execution (RCE).  

Affected Software 

All versions of Qlik Sense Enterprise for Windows prior to and including these releases are impacted: 

  • May 2024 Patch 9
  • February 2024 Patch 13
  • November 2023 Patch 15
  • August 2023 Patch 15
  • May 2023 Patch 17
  • February 2023 Patch 14

Vulnerability Details (High) 

Due to improper input validation, a remote attacker with existing privileges is able to elevate them to the internal system role, which in turn allows them to execute commands on the server.


Resolution 

Customers should upgrade Qlik Sense Enterprise for Windows to a version containing fixes for these issues. Fixes are available for the following versions: 

  • November 2024 Initial Release
  • May 2024 Patch 10 or 11 (both valid)
  • February 2024 Patch 14 or 15 (both valid)
  • November 2023 Patch 16 or 17 (both valid)
  • August 2023 Patch 16 or 17 (both valid)
  • May 2023 Patch 18 or 19 (both valid)
  • February 2023 Patch 15 or 16 (both valid)
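To triage an inventory against the two lists above, the following added example (not Qlik's code and not part of the original advisory) classifies release labels. It assumes labels are written as in this post ("May 2024 Patch 9", "November 2024 Initial Release"), that patches above the listed ones also carry the fix, and that releases after November 2024 do too; the host names are constructed.

```python
import calendar
import re

# First patch carrying the fix on each release track, copied from the
# Resolution list above. Patch 0 stands for the Initial Release.
FIRST_FIXED_PATCH = {
    (2024, 11): 0, (2024, 5): 10, (2024, 2): 14, (2023, 11): 16,
    (2023, 8): 16, (2023, 5): 18, (2023, 2): 15,
}
OLDEST, NEWEST = min(FIRST_FIXED_PATCH), max(FIRST_FIXED_PATCH)
MONTHS = {name: i for i, name in enumerate(calendar.month_name) if name}
LABEL = re.compile(
    r"^\s*([A-Za-z]+)\s+(\d{4})(?:\s+(?:Patch\s+(\d+)|Initial\s+Release|IR))?\s*$",
    re.IGNORECASE,
)

def triage(label):
    """Classify a release label such as 'May 2024 Patch 9'."""
    m = LABEL.match(label)
    month = MONTHS.get(m.group(1).capitalize()) if m else None
    if month is None:
        return "unknown"          # unparseable label: check by hand
    track, patch = (int(m.group(2)), month), int(m.group(3) or 0)
    if track > NEWEST:
        return "fixed"            # assumption: releases after November 2024 keep the fix
    if track < OLDEST:
        return "vulnerable"       # older than any track with a listed fix
    first_fixed = FIRST_FIXED_PATCH.get(track)
    if first_fixed is None:
        return "unknown"          # track not named in the advisory
    # Assumption: patches above the listed ones also carry the fix.
    return "fixed" if patch >= first_fixed else "vulnerable"

def hosts_to_upgrade(inventory):
    """Return host names whose release is not confirmed fixed, sorted."""
    return sorted(h for h, label in inventory.items() if triage(label) != "fixed")

# Constructed sample inventory (hypothetical host names).
SAMPLE_INVENTORY = {
    "qlik-prod-01": "May 2024 Patch 9",
    "qlik-prod-02": "May 2024 Patch 10",
    "qlik-test-01": "November 2024 Initial Release",
    "qlik-old-01": "August 2022 Patch 5",
    "qlik-dev-01": "custom build",
}

if __name__ == "__main__":
    for host in hosts_to_upgrade(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host], triage(SAMPLE_INVENTORY[host]))
```

Hosts reported as "unknown" are included in the upgrade list on purpose, so an unreadable or unlisted label is reviewed by hand instead of being treated as safe.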
