1. Home
  2. Mapping Frameworks
  3. Known Exploited Vulnerabilities Home
  4. Qlik Sense HTTP Tunneling Vulnerability

Known Exploited Vulnerabilities CVE-2023-48365

Qlik Sense contains an HTTP tunneling vulnerability that allows an attacker to escalate privileges and execute HTTP requests on the backend server hosting the software.

Mappings

Capability ID Capability Description Mapping Type ATT&CK ID ATT&CK Name Notes
CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability exploitation_technique T1190 Exploit Public-Facing Application
Comments
This vulnerability stems from improper HTTP header validation, if exploited, allows for remote code execution on affected devices.
References
  1. https://www.armis.com/threat-alert/qlik-sense-enterprise-for-windows-pre-auth-rce/
CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability exploitation_technique T1133 External Remote Services
Comments
This vulnerability stems from improper HTTP header validation, if exploited, allows for remote code execution on affected devices.
References
  1. https://www.armis.com/threat-alert/qlik-sense-enterprise-for-windows-pre-auth-rce/
CVE-2023-48365 Qlik Sense HTTP Tunneling Vulnerability primary_impact T1059 Command and Scripting Interpreter
Comments
This vulnerability stems from improper HTTP header validation, if exploited, allows for remote code execution on affected devices.
References
  1. https://www.armis.com/threat-alert/qlik-sense-enterprise-for-windows-pre-auth-rce/