WNE Security News
Read more about “CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability” and the most important cybersecurity news to stay up to date with
CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability

WNE Security Publisher
1/15/2025
(CVE-2023-48365) Base Score:
Vendors Mitigation Instructions
9.4

Learn about CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability and other newly exploited vulnerabilities and new best practices by subscribing to our newsletter.
CVE-2023-48365 is a critical security vulnerability identified in Qlik Sense Enterprise for Windows, a widely used data analytics platform. This flaw allows unauthenticated remote attackers to execute arbitrary code on affected systems, posing significant risks to organizations relying on this software.
CVE-2023-48365 Description
The vulnerability stems from improper validation of HTTP headers within Qlik Sense Enterprise for Windows. Attackers can exploit this weakness by tunneling HTTP requests, enabling them to execute commands on the backend server hosting the repository application. Notably, this issue exists due to an incomplete fix for a previous vulnerability, CVE-2023-41265.
What is Vulnerable to CVE-2023-48365?
All versions of Qlik Sense Enterprise for Windows prior to the following patched releases are vulnerable:
- August 2023 Patch 2
- May 2023 Patch 6
- February 2023 Patch 10
- November 2022 Patch 12
- August 2022 Patch 14
- May 2022 Patch 16
- February 2022 Patch 15
- November 2021 Patch 17
Organizations running versions earlier than these should consider their systems at risk and take immediate action to mitigate potential threats.
Mitigation and Remediation for CVE-2023-48365
To address this vulnerability, Qlik has released patches for the affected versions. Organizations should:
Update Software: Upgrade Qlik Sense Enterprise for Windows to the latest patched version corresponding to your deployment.
Verify Patch Application: Ensure that the update has been applied successfully and that the system is operating as expected.
Monitor Systems: Continuously monitor network traffic and system logs for any unusual activity that could indicate attempted exploitation.
Review Security Practices: Regularly assess and update security protocols to protect against potential vulnerabilities.
Impact of Successful Exploitation of CVE-2023-48365
If exploited, this vulnerability can lead to:
Remote Code Execution: Attackers can execute arbitrary commands on the affected system without authentication.
System Compromise: Full control over the compromised server, potentially leading to data theft, unauthorized access to sensitive information, and further network infiltration.
Operational Disruption: Interruption of services provided by Qlik Sense, affecting business operations and decision-making processes.
Proof of Concept for CVE-2023-48365
As of now, there is no publicly available proof-of-concept (PoC) exploit for CVE-2023-48365. However, reports indicate that this vulnerability has been exploited in ransomware attacks, underscoring the importance of prompt patching and system monitoring.
CVE-2023-48365 presents a serious threat to organizations utilizing Qlik Sense Enterprise for Windows. Immediate action is required to apply the necessary patches and safeguard systems against potential exploitation. Regular updates and vigilant monitoring are essential components of an effective cybersecurity strategy.
For detailed information and patch downloads, refer to Qlik’s official security advisory.
Learn more about WNE Security products and services that can help keep you cyber safe.
Learn about CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability and other vulnerabilities and best practices by subscribing to our newsletter.
Subscribe to WNE Security’s newsletter for the latest cybersecurity best practices, 0-days, and breaking news. Or learn more about “CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability” by clicking the links below