mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-06-07 05:28:59 +00:00
277 lines
11 KiB
JSON
277 lines
11 KiB
JSON
{
|
|
"id": "CVE-2023-41266",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2023-08-29T23:15:09.380",
|
|
"lastModified": "2023-09-08T13:57:32.727",
|
|
"vulnStatus": "Analyzed",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "A path traversal vulnerability found in Qlik Sense Enterprise for Windows for versions May 2023 Patch 3 and earlier, February 2023 Patch 7 and earlier, November 2022 Patch 10 and earlier, and August 2022 Patch 12 and earlier allows an unauthenticated remote attacker to generate an anonymous session. This allows them to transmit HTTP requests to unauthorized endpoints. This is fixed in August 2023 IR, May 2023 Patch 4, February 2023 Patch 8, November 2022 Patch 11, and August 2022 Patch 13."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "LOW",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 6.5,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 2.5
|
|
},
|
|
{
|
|
"source": "cve@mitre.org",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "NONE",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "LOW",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 8.2,
|
|
"baseSeverity": "HIGH"
|
|
},
|
|
"exploitabilityScore": 3.9,
|
|
"impactScore": 4.2
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-20"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:-:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "41AEA1CA-D344-48DB-92D8-05D0EDC8487D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_1:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "FC12BB7A-366F-4EE2-AABF-19E83B5B9EC7"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_10:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "5F601CFC-70D0-450B-AE49-058E6B887E15"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_11:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "17E7F947-3322-46BB-9B89-689F1B792D89"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_12:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "37AF6E89-73F0-49E8-82F4-08084A5EBE2A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_2:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "E4C7CBBB-C6A0-460E-95DC-C1855826C7F8"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_3:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "BD491E32-270C-452B-AC1E-FB8F509B916E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_4:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "EDE2809B-4234-443E-9E6A-6B402D258617"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_5:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "155F0D6F-2E4A-40E7-9145-7D130334466B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_6:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "D733F495-E0EF-4F25-8532-2773415EFB8B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_7:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "578092D7-0F52-45C1-B7E2-FC5AF86AB8ED"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_8:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "1B3164BA-0BDB-41F9-B51C-4FB0489A125A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:august_2022:patch_9:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "E0D31C35-50DC-4CDF-AFD4-311EAF5BBBD0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:-:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "95BBBA68-269F-4385-9D14-A736F2CD707E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_1:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "E6E1046C-35F4-451A-BFF1-2FC6EB01B547"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_2:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "D9AB037B-EE88-47CD-B387-42651CBAAFF9"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_3:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "3D28B87A-B36A-428E-A93B-255CFD62036F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_4:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "9AD961D6-A315-493C-926F-1441E51C1742"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_5:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "1EFEBD77-7968-4649-8E9B-DAB24DC36E64"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_6:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "E6D033E6-C022-4C6B-9EAC-95ABF6CA9BA6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:february_2023:patch_7:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "761B402F-4E98-46A4-A8E3-87F167CF01D0"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:-:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "9E7034FB-5E64-47AD-B4A4-8428474C48C4"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:patch_1:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "29158A06-3DE9-487B-9BC5-B4A690864F4F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:patch_2:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "272C2CFE-0D8E-46CE-92B6-2BA8658C951B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:may_2023:patch3:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "039E4C03-89CA-4E77-8D79-39D22E85A299"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:-:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "72D56C24-9CEF-486B-8E46-6111D7B1676A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_1:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "338E52B2-AD7D-43F3-B707-E0E5976B269E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_10:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "D216C67A-F124-49F0-90EA-B0C8B663D760"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_2:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "FA68ADC7-9E20-4BD3-9235-6D76D4519512"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_3:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "B41A9B8C-FAD3-46F1-8973-DF1FA408064B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_4:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "EE23F5BD-579C-488D-965A-AE916C32976A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_5:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "E9C90120-93D1-43B0-B541-F07EB8FD44EB"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_6:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "450F236B-4673-403C-9E23-736C0ED92F6E"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_7:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "D5E431DE-26E2-4DA2-AD0B-1479D0C95B98"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_8:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "0D6F6570-970B-4E49-9D92-65FAFCC71360"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:qlik:qlik_sense:november_2022:patch_9:*:*:enterprise:windows:*:*",
|
|
"matchCriteriaId": "38116465-3485-44D3-9097-F2C821D8278F"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "https://community.qlik.com/t5/Official-Support-Articles/Critical-Security-fixes-for-Qlik-Sense-Enterprise-for-Windows/ta-p/2110801",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Vendor Advisory"
|
|
]
|
|
},
|
|
{
|
|
"url": "https://community.qlik.com/t5/Release-Notes/tkb-p/ReleaseNotes",
|
|
"source": "cve@mitre.org",
|
|
"tags": [
|
|
"Release Notes"
|
|
]
|
|
}
|
|
]
|
|
} |