Qlik Sense Enterprise for Windows prior to 14.187.4 allows a remote malicious user to elevate their privilege due to improper validation. The attacker can elevate their privilege to the internal system role, which allows them to execute commands on the server. This affects February 2024 Patch 3 (14.173.3 up to and including 14.173.7), November 2023 Patch 8 (14.159.4 up to and including 14.159.13), August 2023 Patch 13 (14.139.3 up to and including 14.139.20), May 2023 Patch 15 (14.129.3 up to and including 14.129.22), February 2023 Patch 13 (14.113.1 up to and including 14.113.18), November 2022 Patch 13 (14.97.2 up to and including 14.97.18), August 2022 Patch 16 (14.78.3 up to and including 14.78.23), and May 2022 Patch 17 (14.67.7 up to and including 14.67.31). This has been fixed in May 2024 (14.187.4), February 2024 Patch 4 (14.173.8), November 2023 Patch 9 (14.159.14), August 2023 Patch 14 (14.139.21), May 2023 Patch 16 (14.129.23), February 2023 Patch 14 (14.113.19), November 2022 Patch 14 (14.97.19), August 2022 Patch 17 (14.78.25), and May 2022 Patch 18 (14.67.34).
Vulmon